ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2025-01-04 09:56:13 +03:00
Code Issues Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into sage-8.4

Browse Source
This commit is contained in:
Timo Kaufmann 2018-08-15 13:51:07 +02:00
commit df97127114
730 changed files with 18922 additions and 16764 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/CODEOWNERS vendored
View File

@ -21,7 +21,8 @@
/pkgs/top-level/default.nix @nbp @Ericson2314
/pkgs/top-level/impure.nix @nbp @Ericson2314
/pkgs/top-level/stage.nix @nbp @Ericson2314
/pkgs/stdenv
/pkgs/stdenv/generic @Ericson2314
/pkgs/stdenv/cross @Ericson2314
/pkgs/build-support/cc-wrapper @Ericson2314 @orivej
/pkgs/build-support/bintools-wrapper @Ericson2314 @orivej
/pkgs/build-support/setup-hooks @Ericson2314

13
doc/languages-frameworks/haskell.section.md
View File

@ -1047,6 +1047,19 @@ As you can see, `packunused` finds out that although the testsuite component has
no redundant dependencies the library component of `scientific-0.3.5.1` depends
on `ghc-prim` which is unused in the library.
### Using hackage2nix with nixpkgs
Hackage package derivations are found in the
[`hackage-packages.nix`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/hackage-packages.nix)
file within `nixpkgs` and are used as the initial package set for
`haskellPackages`. The `hackage-packages.nix` file is not meant to be edited
by hand, but rather autogenerated by [`hackage2nix`](https://github.com/NixOS/cabal2nix/tree/master/hackage2nix),
which by default uses the [`configuration-hackage2nix.yaml`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/configuration-hackage2nix.yaml)
file to generate all the derivations.
To modify the contents `configuration-hackage2nix.yaml`, follow the
instructions on [`hackage2nix`](https://github.com/NixOS/cabal2nix/tree/master/hackage2nix).
## Other resources
- The Youtube video [Nix Loves Haskell](https://www.youtube.com/watch?v=BsBhi_r-OeE)

5
doc/languages-frameworks/rust.section.md
View File

@ -59,6 +59,11 @@ all crate sources of this package. Currently it is obtained by inserting a
fake checksum into the expression and building the package once. The correct
checksum can be then take from the failed build.
When the `Cargo.lock`, provided by upstream, is not in sync with the
`Cargo.toml`, it is possible to use `cargoPatches` to update it. All patches
added in `cargoPatches` will also be prepended to the patches in `patches` at
build-time.
To install crates with nix there is also an experimental project called
[nixcrates](https://github.com/fractalide/nixcrates).

48
doc/package-notes.xml
View File

@ -705,4 +705,52 @@ overrides = super: self: rec {
</programlisting>
</para>
</section>
<section xml:id="sec-citrix">
<title>Citrix Receiver</title>
<para>
The <link xlink:href="https://www.citrix.com/products/receiver/">Citrix Receiver</link> is a remote
desktop viewer which provides access to
<link xlink:href="https://www.citrix.com/products/xenapp-xendesktop/">XenDesktop</link> installations.
</para>
<section xml:id="sec-citrix-base">
<title>Basic usage</title>
<para>
The tarball archive needs to be downloaded manually as the licenses agreements of the vendor
need to be accepted first. This is available at the
<link xlink:href="https://www.citrix.com/downloads/citrix-receiver/">download page at citrix.com</link>.
Then run <literal>nix-prefetch-url file://$PWD/linuxx64-$version.tar.gz</literal>.
With the archive available in the store the package can be built and installed with Nix.
</para>
<para>
<emphasis>Note: it's recommended to install <literal>Citrix Receiver</literal> using
<literal>nix-env -i</literal> or globally to ensure that the <literal>.desktop</literal> files
are installed properly into <literal>$XDG_CONFIG_DIRS</literal>. Otherwise it won't
be possible to open <literal>.ica</literal> files
automatically from the browser to start a Citrix connection.</emphasis>
</para>
</section>
<section xml:id="sec-citrix-custom-certs">
<title>Custom certificates</title>
<para>
The <literal>Citrix Receiver</literal> in <literal>nixpkgs</literal> trusts several certificates
<link xlink:href="https://curl.haxx.se/docs/caextract.html">from the Mozilla database</link> by default.
However several companies using Citrix might require their own corporate certificate. On distros with imperative
packaging these certs can be stored easily in
<link xlink:href="https://developer-docs.citrix.com/projects/receiver-for-linux-command-reference/en/13.7/"><literal>$ICAROOT</literal></link>,
however this directory is a store path in <literal>nixpkgs</literal>. In order to work around this issue the package provides a simple
mechanism to add custom certificates without rebuilding the entire package using <literal>symlinkJoin</literal>:
<programlisting>
<![CDATA[with import <nixpkgs> { config.allowUnfree = true; };
let extraCerts = [ ./custom-cert-1.pem ./custom-cert-2.pem /* ... */ ]; in
citrix_receiver.override {
inherit extraCerts;
}]]>
</programlisting>
</para>
</section>
</section>
</chapter>

10
doc/reviewing-contributions.xml
View File

@ -103,8 +103,9 @@
<itemizedlist>
<listitem>
<para>
mention-bot usually notifies GitHub users based on the submitted changes,
but it can happen that it misses some of the package maintainers.
<link xlink:href="https://help.github.com/articles/about-codeowners/">CODEOWNERS</link>
will make GitHub notify users based on the submitted changes, but it can
happen that it misses some of the package maintainers.
</para>
</listitem>
</itemizedlist>
@ -376,8 +377,9 @@ $ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
<itemizedlist>
<listitem>
<para>
Mention-bot notify GitHub users based on the submitted changes, but it
can happen that it miss some of the package maintainers.
<link xlink:href="https://help.github.com/articles/about-codeowners/">CODEOWNERS</link>
will make GitHub notify users based on the submitted changes, but it can
happen that it misses some of the package maintainers.
</para>
</listitem>
</itemizedlist>

7
doc/stdenv.xml
View File

@ -836,9 +836,10 @@ passthru = {
These can optionally be compressed using <command>gzip</command>
(<filename>.tar.gz</filename>, <filename>.tgz</filename> or
<filename>.tar.Z</filename>), <command>bzip2</command>
(<filename>.tar.bz2</filename> or <filename>.tbz2</filename>) or
<command>xz</command> (<filename>.tar.xz</filename> or
<filename>.tar.lzma</filename>).
(<filename>.tar.bz2</filename>, <filename>.tbz2</filename> or
<filename>.tbz</filename>) or <command>xz</command>
(<filename>.tar.xz</filename>, <filename>.tar.lzma</filename> or
<filename>.txz</filename>).
</para>
</listitem>
</varlistentry>

32
maintainers/maintainer-list.nix
View File

@ -807,6 +807,11 @@
github = "coroa";
name = "Jonas Hörsch";
};
costrouc = {
email = "chris.ostrouchov@gmail.com";
github = "costrouc";
name = "Chris Ostrouchov";
};
couchemar = {
email = "couchemar@yandex.ru";
github = "couchemar";
@ -1377,6 +1382,11 @@
github = "fps";
name = "Florian Paul Schmidt";
};
freepotion = {
email = "freepotion@protonmail.com";
github = "freepotion";
name = "Free Potion";
};
Fresheyeball = {
email = "fresheyeball@gmail.com";
github = "fresheyeball";
@ -1674,6 +1684,11 @@
github = "ikervagyok";
name = "Balázs Lengyel";
};
illegalprime = {
email = "themichaeleden@gmail.com";
github = "illegalprime";
name = "Michael Eden";
};
ilya-kolpakov = {
email = "ilya.kolpakov@gmail.com";
github = "ilya-kolpakov";
@ -1689,6 +1704,11 @@
github = "imalsogreg";
name = "Greg Hale";
};
imuli = {
email = "i@imu.li";
github = "imuli";
name = "Imuli";
};
infinisil = {
email = "infinisil@icloud.com";
github = "infinisil";
@ -1837,6 +1857,11 @@
github = "jluttine";
name = "Jaakko Luttinen";
};
jmettes = {
email = "jonathan@jmettes.com";
github = "jmettes";
name = "Jonathan Mettes";
};
Jo = {
email = "0x4A6F@shackspace.de";
name = "Joachim Ernst";
@ -2185,7 +2210,7 @@
name = "Nathaniel Baxter";
};
lightdiscord = {
email = "arnaud@lightdiscord.me";
email = "root@arnaud.sh";
github = "lightdiscord";
name = "Arnaud Pascal";
};
@ -2852,11 +2877,6 @@
github = "nocoolnametom";
name = "Tom Doggett";
};
nonfreeblob = {
email = "nonfreeblob@yandex.com";
github = "nonfreeblob";
name = "nonfreeblob";
};
notthemessiah = {
email = "brian.cohen.88@gmail.com";
github = "notthemessiah";

24
nixos/doc/manual/release-notes/rl-1809.xml
View File

@ -73,6 +73,14 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
</para>
<itemizedlist>
<listitem>
<para>
The <varname>services.cassandra</varname> module has been reworked and
was rewritten from scratch. The service has succeeding tests for
the versions 2.1, 2.2, 3.0 and 3.11 of <link
xlink:href="https://cassandra.apache.org/">Apache Cassandra</link>.
</para>
</listitem>
<listitem>
<para>
There is a new <varname>services.foundationdb</varname> module for deploying
@ -119,6 +127,12 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
</para>
<itemizedlist>
<listitem>
<para>
The deprecated <varname>services.cassandra</varname> module has
seen a complete rewrite. (See above.)
</para>
</listitem>
<listitem>
<para>
<literal>lib.strict</literal> is removed. Use
@ -176,6 +190,16 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
which indicates that the nix output hash will be used as tag.
</para>
</listitem>
<listitem>
<para>
Options
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.ramfsMountPoint</literal>
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.storage.mountPoint</literal>
were removed. <literal>luksroot.nix</literal> module never supported more than one YubiKey at
a time anyway, hence those options never had any effect. You should be able to remove them
from your config without any issues.
</para>
</listitem>
</itemizedlist>
</section>

2
nixos/modules/config/shells-environment.nix
View File

@ -70,7 +70,7 @@ in
description = ''
Shell script code called during global environment initialisation
after all variables and profileVariables have been set.
This code is asumed to be shell-independent, which means you should
This code is assumed to be shell-independent, which means you should
stick to pure sh without sh word split.
'';
type = types.lines;

3
nixos/modules/installer/cd-dvd/installation-cd-base.nix
View File

@ -29,8 +29,5 @@ with lib;
# Add Memtest86+ to the CD.
boot.loader.grub.memtest86.enable = true;
# Allow the user to log in as root without a password.
users.users.root.initialHashedPassword = "";
system.stateVersion = mkDefault "18.03";
}

3
nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
View File

@ -33,9 +33,6 @@ in
# Also increase the amount of CMA to ensure the virtual console on the RPi3 works.
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0"];
# FIXME: this probably should be in installation-device.nix
users.users.root.initialHashedPassword = "";
sdImage = {
populateBootCommands = let
configTxt = pkgs.writeText "config.txt" ''

3
nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
View File

@ -34,9 +34,6 @@ in
# - ttySAC2: for Exynos (ODROID-XU3)
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttymxc0,115200n8" "console=ttyAMA0,115200n8" "console=ttyO0,115200n8" "console=ttySAC2,115200n8" "console=tty0"];
# FIXME: this probably should be in installation-device.nix
users.users.root.initialHashedPassword = "";
sdImage = {
populateBootCommands = let
configTxt = pkgs.writeText "config.txt" ''

3
nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix
View File

@ -27,9 +27,6 @@ in
boot.consoleLogLevel = lib.mkDefault 7;
boot.kernelPackages = pkgs.linuxPackages_rpi;
# FIXME: this probably should be in installation-device.nix
users.users.root.initialHashedPassword = "";
sdImage = {
populateBootCommands = let
configTxt = pkgs.writeText "config.txt" ''

3
nixos/modules/installer/netboot/netboot-base.nix
View File

@ -14,7 +14,4 @@ with lib;
../../profiles/base.nix
../../profiles/installation-device.nix
];
# Allow the user to log in as root without a password.
users.users.root.initialHashedPassword = "";
}

7
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -536,6 +536,13 @@ if ($showHardwareConfig) {
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
EOF
} elsif (-e "/boot/extlinux") {
$bootLoaderConfig = <<EOF;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
EOF
} elsif ($virt ne "systemd-nspawn") {
$bootLoaderConfig = <<EOF;

4
nixos/modules/misc/ids.nix
View File

@ -324,6 +324,8 @@
hadoop = 297;
hydron = 298;
cfssl = 299;
cassandra = 300;
qemu-libvirtd = 301;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -608,6 +610,8 @@
hadoop = 297;
hydron = 298;
cfssl = 299;
cassandra = 300;
qemu-libvirtd = 301;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

3
nixos/modules/misc/version.nix
View File

@ -76,9 +76,6 @@ in
config = {
warnings = lib.optional (options.system.stateVersion.highestPrio > 1000)
"You don't have `system.stateVersion` explicitly set. Expect things to break.";
system.nixos = {
# These defaults are set here rather than up there so that
# changing them would not rebuild the manual

2
nixos/modules/module-list.nix
View File

@ -201,6 +201,7 @@
./services/databases/4store-endpoint.nix
./services/databases/4store.nix
./services/databases/aerospike.nix
./services/databases/cassandra.nix
./services/databases/clickhouse.nix
./services/databases/couchdb.nix
./services/databases/firebird.nix
@ -622,6 +623,7 @@
./services/search/hound.nix
./services/search/kibana.nix
./services/search/solr.nix
./services/security/certmgr.nix
./services/security/cfssl.nix
./services/security/clamav.nix
./services/security/fail2ban.nix

4
nixos/modules/profiles/installation-device.nix
View File

@ -86,5 +86,9 @@ with lib;
networking.firewall.logRefusedConnections = mkDefault false;
environment.systemPackages = [ pkgs.vim ];
# Allow the user to log in as root without a password.
users.users.root.initialHashedPassword = "";
};
}

52
nixos/modules/programs/zsh/oh-my-zsh.nix
View File

@ -3,7 +3,30 @@
with lib;
let
cfg = config.programs.zsh.ohMyZsh;
mkLinkFarmEntry = name: dir:
let
env = pkgs.buildEnv {
name = "zsh-${name}-env";
paths = cfg.customPkgs;
pathsToLink = "/share/zsh/${dir}";
};
in
{ inherit name; path = "${env}/share/zsh/${dir}"; };
mkLinkFarmEntry' = name: mkLinkFarmEntry name name;
custom =
if cfg.custom != null then cfg.custom
else if length cfg.customPkgs == 0 then null
else pkgs.linkFarm "oh-my-zsh-custom" [
(mkLinkFarmEntry' "themes")
(mkLinkFarmEntry "completions" "site-functions")
(mkLinkFarmEntry' "plugins")
];
in
{
options = {
@ -34,10 +57,19 @@ in
};
custom = mkOption {
default = "";
type = types.str;
default = null;
type = with types; nullOr str;
description = ''
Path to a custom oh-my-zsh package to override config of oh-my-zsh.
(Can't be used along with `customPkgs`).
'';
};
customPkgs = mkOption {
default = [];
type = types.listOf types.package;
description = ''
List of custom packages that should be loaded into `oh-my-zsh`.
'';
};
@ -67,7 +99,7 @@ in
environment.systemPackages = [ cfg.package ];
programs.zsh.interactiveShellInit = with builtins; ''
programs.zsh.interactiveShellInit = ''
# oh-my-zsh configuration generated by NixOS
export ZSH=${cfg.package}/share/oh-my-zsh
@ -75,8 +107,8 @@ in
"plugins=(${concatStringsSep " " cfg.plugins})"
}
${optionalString (stringLength(cfg.custom) > 0)
"ZSH_CUSTOM=\"${cfg.custom}\""
${optionalString (custom != null)
"ZSH_CUSTOM=\"${custom}\""
}
${optionalString (stringLength(cfg.theme) > 0)
@ -92,5 +124,15 @@ in
source $ZSH/oh-my-zsh.sh
'';
assertions = [
{
assertion = cfg.custom != null -> cfg.customPkgs == [];
message = "If `cfg.custom` is set for `ZSH_CUSTOM`, `customPkgs` can't be used!";
}
];
};
meta.doc = ./oh-my-zsh.xml;
}

125
nixos/modules/programs/zsh/oh-my-zsh.xml Normal file
View File

@ -0,0 +1,125 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-programs-zsh-ohmyzsh">
<title>Oh my ZSH</title>
<para><literal><link xlink:href="https://ohmyz.sh/">oh-my-zsh</link></literal> is a framework
to manage your <link xlink:href="https://www.zsh.org/">ZSH</link> configuration
including completion scripts for several CLI tools or custom prompt themes.</para>
<section><title>Basic usage</title>
<para>The module uses the <literal>oh-my-zsh</literal> package with all available features. The
initial setup using Nix expressions is fairly similar to the configuration format
of <literal>oh-my-zsh</literal>.
<programlisting>
{
programs.ohMyZsh = {
enable = true;
plugins = [ "git" "python" "man" ];
theme = "agnoster";
};
}
</programlisting>
For a detailed explanation of these arguments please refer to the
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki"><literal>oh-my-zsh</literal> docs</link>.
</para>
<para>The expression generates the needed
configuration and writes it into your <literal>/etc/zshrc</literal>.
</para></section>
<section><title>Custom additions</title>
<para>Sometimes third-party or custom scripts such as a modified theme may be needed.
<literal>oh-my-zsh</literal> provides the
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki/Customization#overriding-internals"><literal>ZSH_CUSTOM</literal></link>
environment variable for this which points to a directory with additional scripts.</para>
<para>The module can do this as well:
<programlisting>
{
programs.ohMyZsh.custom = "~/path/to/custom/scripts";
}
</programlisting>
</para></section>
<section><title>Custom environments</title>
<para>There are several extensions for <literal>oh-my-zsh</literal> packaged in <literal>nixpkgs</literal>.
One of them is <link xlink:href="https://github.com/spwhitt/nix-zsh-completions">nix-zsh-completions</link>
which bundles completion scripts and a plugin for <literal>oh-my-zsh</literal>.</para>
<para>Rather than using a single mutable path for <literal>ZSH_CUSTOM</literal>, it's also possible to
generate this path from a list of Nix packages:
<programlisting>
{ pkgs, ... }:
{
programs.ohMyZsh.customPkgs = with pkgs; [
pkgs.nix-zsh-completions
# and even more...
];
}
</programlisting>
Internally a single store path will be created using <literal>buildEnv</literal>.
Please refer to the docs of
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-building-environment"><literal>buildEnv</literal></link>
for further reference.</para>
<para><emphasis>Please keep in mind that this is not compatible with <literal>programs.ohMyZsh.custom</literal>
as it requires an immutable store path while <literal>custom</literal> shall remain mutable! An evaluation failure
will be thrown if both <literal>custom</literal> and <literal>customPkgs</literal> are set.</emphasis>
</para></section>
<section><title>Package your own customizations</title>
<para>If third-party customizations (e.g. new themes) are supposed to be added to <literal>oh-my-zsh</literal>
there are several pitfalls to keep in mind:</para>
<itemizedlist>
<listitem>
<para>To comply with the default structure of <literal>ZSH</literal> the entire output needs to be written to
<literal>$out/share/zsh.</literal></para>
</listitem>
<listitem>
<para>Completion scripts are supposed to be stored at <literal>$out/share/zsh/site-functions</literal>. This directory
is part of the <literal><link xlink:href="http://zsh.sourceforge.net/Doc/Release/Functions.html">fpath</link></literal>
and the package should be compatible with pure <literal>ZSH</literal> setups. The module will automatically link
the contents of <literal>site-functions</literal> to completions directory in the proper store path.</para>
</listitem>
<listitem>
<para>The <literal>plugins</literal> directory needs the structure <literal>pluginname/pluginname.plugin.zsh</literal>
as structured in the <link xlink:href="https://github.com/robbyrussell/oh-my-zsh/tree/91b771914bc7c43dd7c7a43b586c5de2c225ceb7/plugins">upstream repo.</link>
</para>
</listitem>
</itemizedlist>
<para>
A derivation for <literal>oh-my-zsh</literal> may look like this:
<programlisting>
{ stdenv, fetchFromGitHub }:
stdenv.mkDerivation rec {
name = "exemplary-zsh-customization-${version}";
version = "1.0.0";
src = fetchFromGitHub {
# path to the upstream repository
};
dontBuild = true;
installPhase = ''
mkdir -p $out/share/zsh/site-functions
cp {themes,plugins} $out/share/zsh
cp completions $out/share/zsh/site-functions
'';
}
</programlisting>
</para>
</section>
</chapter>

2
nixos/modules/rename.nix
View File

@ -9,7 +9,6 @@ with lib;
(mkRenamedOptionModule [ "system" "nixos" "stateVersion" ] [ "system" "stateVersion" ])
(mkRenamedOptionModule [ "system" "nixos" "defaultChannel" ] [ "system" "defaultChannel" ])
(mkRenamedOptionModule [ "dysnomia" ] [ "services" "dysnomia" ])
(mkRenamedOptionModule [ "environment" "x11Packages" ] [ "environment" "systemPackages" ])
(mkRenamedOptionModule [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ])
(mkRenamedOptionModule [ "environment" "nix" ] [ "nix" "package" ])
@ -257,6 +256,7 @@ with lib;
(mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
(mkRemovedOptionModule [ "virtualisation" "xen" "qemu" ] "You don't need this option anymore, it will work without it.")
(mkRemovedOptionModule [ "boot" "zfs" "enableLegacyCrypto" ] "The corresponding package was removed from nixpkgs.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])

655
nixos/modules/services/databases/cassandra.nix
View File

@ -4,445 +4,288 @@ with lib;
let
cfg = config.services.cassandra;
cassandraPackage = cfg.package.override {
jre = cfg.jre;
};
cassandraUser = {
name = cfg.user;
home = "/var/lib/cassandra";
description = "Cassandra role user";
};
cassandraRackDcProperties = ''
dc=${cfg.dc}
rack=${cfg.rack}
'';
cassandraConf = ''
cluster_name: ${cfg.clusterName}
num_tokens: 256
auto_bootstrap: ${boolToString cfg.autoBootstrap}
hinted_handoff_enabled: ${boolToString cfg.hintedHandOff}
hinted_handoff_throttle_in_kb: ${builtins.toString cfg.hintedHandOffThrottle}
max_hints_delivery_threads: 2
max_hint_window_in_ms: 10800000 # 3 hours
authenticator: ${cfg.authenticator}
authorizer: ${cfg.authorizer}
permissions_validity_in_ms: 2000
partitioner: org.apache.cassandra.dht.Murmur3Partitioner
data_file_directories:
${builtins.concatStringsSep "\n" (map (v: " - "+v) cfg.dataDirs)}
commitlog_directory: ${cfg.commitLogDirectory}
disk_failure_policy: stop
key_cache_size_in_mb:
key_cache_save_period: 14400
row_cache_size_in_mb: 0
row_cache_save_period: 0
saved_caches_directory: ${cfg.savedCachesDirectory}
commitlog_sync: ${cfg.commitLogSync}
commitlog_sync_period_in_ms: ${builtins.toString cfg.commitLogSyncPeriod}
commitlog_segment_size_in_mb: 32
seed_provider:
- class_name: org.apache.cassandra.locator.SimpleSeedProvider
parameters:
- seeds: "${builtins.concatStringsSep "," cfg.seeds}"
concurrent_reads: ${builtins.toString cfg.concurrentReads}
concurrent_writes: ${builtins.toString cfg.concurrentWrites}
memtable_flush_queue_size: 4
trickle_fsync: false
trickle_fsync_interval_in_kb: 10240
storage_port: 7000
ssl_storage_port: 7001
listen_address: ${cfg.listenAddress}
start_native_transport: true
native_transport_port: 9042
start_rpc: true
rpc_address: ${cfg.rpcAddress}
rpc_port: 9160
rpc_keepalive: true
rpc_server_type: sync
thrift_framed_transport_size_in_mb: 15
incremental_backups: ${boolToString cfg.incrementalBackups}
snapshot_before_compaction: false
auto_snapshot: true
column_index_size_in_kb: 64
in_memory_compaction_limit_in_mb: 64
multithreaded_compaction: false
compaction_throughput_mb_per_sec: 16
compaction_preheat_key_cache: true
read_request_timeout_in_ms: 10000
range_request_timeout_in_ms: 10000
write_request_timeout_in_ms: 10000
cas_contention_timeout_in_ms: 1000
truncate_request_timeout_in_ms: 60000
request_timeout_in_ms: 10000
cross_node_timeout: false
endpoint_snitch: ${cfg.snitch}
dynamic_snitch_update_interval_in_ms: 100
dynamic_snitch_reset_interval_in_ms: 600000
dynamic_snitch_badness_threshold: 0.1
request_scheduler: org.apache.cassandra.scheduler.NoScheduler
server_encryption_options:
internode_encryption: ${cfg.internodeEncryption}
keystore: ${cfg.keyStorePath}
keystore_password: ${cfg.keyStorePassword}
truststore: ${cfg.trustStorePath}
truststore_password: ${cfg.trustStorePassword}
client_encryption_options:
enabled: ${boolToString cfg.clientEncryption}
keystore: ${cfg.keyStorePath}
keystore_password: ${cfg.keyStorePassword}
internode_compression: all
inter_dc_tcp_nodelay: false
preheat_kernel_page_cache: false
streaming_socket_timeout_in_ms: ${toString cfg.streamingSocketTimoutInMS}
'';
cassandraLog = ''
log4j.rootLogger=${cfg.logLevel},stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] %d{HH:mm:ss,SSS} %m%n
'';
cassandraConfFile = pkgs.writeText "cassandra.yaml" cassandraConf;
cassandraLogFile = pkgs.writeText "log4j-server.properties" cassandraLog;
cassandraRackFile = pkgs.writeText "cassandra-rackdc.properties" cassandraRackDcProperties;
cassandraEnvironment = {
CASSANDRA_HOME = cassandraPackage;
JAVA_HOME = cfg.jre;
CASSANDRA_CONF = "/etc/cassandra";
};
defaultUser = "cassandra";
cassandraConfig = flip recursiveUpdate cfg.extraConfig
({ commitlog_sync = "batch";
commitlog_sync_batch_window_in_ms = 2;
partitioner = "org.apache.cassandra.dht.Murmur3Partitioner";
endpoint_snitch = "SimpleSnitch";
seed_provider =
[{ class_name = "org.apache.cassandra.locator.SimpleSeedProvider";
parameters = [ { seeds = "127.0.0.1"; } ];
}];
data_file_directories = [ "${cfg.homeDir}/data" ];
commitlog_directory = "${cfg.homeDir}/commitlog";
saved_caches_directory = "${cfg.homeDir}/saved_caches";
} // (if builtins.compareVersions cfg.package.version "3" >= 0
then { hints_directory = "${cfg.homeDir}/hints"; }
else {})
);
cassandraConfigWithAddresses = cassandraConfig //
( if isNull cfg.listenAddress
then { listen_interface = cfg.listenInterface; }
else { listen_address = cfg.listenAddress; }
) // (
if isNull cfg.rpcAddress
then { rpc_interface = cfg.rpcInterface; }
else { rpc_address = cfg.rpcAddress; }
);
cassandraEtc = pkgs.stdenv.mkDerivation
{ name = "cassandra-etc";
cassandraYaml = builtins.toJSON cassandraConfigWithAddresses;
cassandraEnvPkg = "${cfg.package}/conf/cassandra-env.sh";
buildCommand = ''
mkdir -p "$out"
echo "$cassandraYaml" > "$out/cassandra.yaml"
ln -s "$cassandraEnvPkg" "$out/cassandra-env.sh"
'';
};
in {
###### interface
options.services.cassandra = {
enable = mkOption {
description = "Whether to enable cassandra.";
default = false;
type = types.bool;
};
package = mkOption {
description = "Cassandra package to use.";
default = pkgs.cassandra;
defaultText = "pkgs.cassandra";
type = types.package;
};
jre = mkOption {
description = "JRE package to run cassandra service.";
default = pkgs.jre;
defaultText = "pkgs.jre";
type = types.package;
};
enable = mkEnableOption ''
Apache Cassandra Scalable and highly available database.
'';
user = mkOption {
description = "User that runs cassandra service.";
default = "cassandra";
type = types.string;
type = types.str;
default = defaultUser;
description = "Run Apache Cassandra under this user.";
};
group = mkOption {
description = "Group that runs cassandra service.";
default = "cassandra";
type = types.string;
};
envFile = mkOption {
description = "path to cassandra-env.sh";
default = "${cassandraPackage}/conf/cassandra-env.sh";
defaultText = "\${cassandraPackage}/conf/cassandra-env.sh";
type = types.path;
};
clusterName = mkOption {
description = "set cluster name";
default = "cassandra";
example = "prod-cluster0";
type = types.string;
};
commitLogDirectory = mkOption {
description = "directory for commit logs";
default = "/var/lib/cassandra/commit_log";
type = types.string;
};
savedCachesDirectory = mkOption {
description = "directory for saved caches";
default = "/var/lib/cassandra/saved_caches";
type = types.string;
};
hintedHandOff = mkOption {
description = "enable hinted handoff";
default = true;
type = types.bool;
};
hintedHandOffThrottle = mkOption {
description = "hinted hand off throttle rate in kb";
default = 1024;
type = types.int;
};
commitLogSync = mkOption {
description = "commitlog sync method";
default = "periodic";
type = types.str;
example = "batch";
default = defaultUser;
description = "Run Apache Cassandra under this group.";
};
commitLogSyncPeriod = mkOption {
description = "commitlog sync period in ms ";
default = 10000;
type = types.int;
};
envScript = mkOption {
default = "${cassandraPackage}/conf/cassandra-env.sh";
defaultText = "\${cassandraPackage}/conf/cassandra-env.sh";
homeDir = mkOption {
type = types.path;
description = "Supply your own cassandra-env.sh rather than using the default";
default = "/var/lib/cassandra";
description = ''
Home directory for Apache Cassandra.
'';
};
extraParams = mkOption {
description = "add additional lines to cassandra-env.sh";
package = mkOption {
type = types.package;
default = pkgs.cassandra;
defaultText = "pkgs.cassandra";
example = literalExample "pkgs.cassandra_3_11";
description = ''
The Apache Cassandra package to use.
'';
};
jvmOpts = mkOption {
type = types.listOf types.str;
default = [];
example = [''JVM_OPTS="$JVM_OPTS -Dcassandra.available_processors=1"''];
type = types.listOf types.str;
};
dataDirs = mkOption {
type = types.listOf types.path;
default = [ "/var/lib/cassandra/data" ];
description = "Data directories for cassandra";
};
logLevel = mkOption {
type = types.str;
default = "INFO";
description = "default logging level for log4j";
};
internodeEncryption = mkOption {
description = "enable internode encryption";
default = "none";
example = "all";
type = types.str;
};
clientEncryption = mkOption {
description = "enable client encryption";
default = false;
type = types.bool;
};
trustStorePath = mkOption {
description = "path to truststore";
default = ".conf/truststore";
type = types.str;
};
keyStorePath = mkOption {
description = "path to keystore";
default = ".conf/keystore";
type = types.str;
};
keyStorePassword = mkOption {
description = "password to keystore";
default = "cassandra";
type = types.str;
};
trustStorePassword = mkOption {
description = "password to truststore";
default = "cassandra";
type = types.str;
};
seeds = mkOption {
description = "password to truststore";
default = [ "127.0.0.1" ];
type = types.listOf types.str;
};
concurrentWrites = mkOption {
description = "number of concurrent writes allowed";
default = 32;
type = types.int;
};
concurrentReads = mkOption {
description = "number of concurrent reads allowed";
default = 32;
type = types.int;
description = ''
Populate the JVM_OPT environment variable.
'';
};
listenAddress = mkOption {
description = "listen address";
default = "localhost";
type = types.str;
type = types.nullOr types.str;
default = "127.0.0.1";
example = literalExample "null";
description = ''
Address or interface to bind to and tell other Cassandra nodes
to connect to. You _must_ change this if you want multiple
nodes to be able to communicate!
Set listenAddress OR listenInterface, not both.
Leaving it blank leaves it up to
InetAddress.getLocalHost(). This will always do the Right
Thing _if_ the node is properly configured (hostname, name
resolution, etc), and the Right Thing is to use the address
associated with the hostname (it might not be).
Setting listen_address to 0.0.0.0 is always wrong.
'';
};
listenInterface = mkOption {
type = types.nullOr types.str;
default = null;
example = "eth1";
description = ''
Set listenAddress OR listenInterface, not both. Interfaces
must correspond to a single address, IP aliasing is not
supported.
'';
};
rpcAddress = mkOption {
description = "rpc listener address";
default = "localhost";
type = types.str;
};
incrementalBackups = mkOption {
description = "enable incremental backups";
default = false;
type = types.bool;
};
snitch = mkOption {
description = "snitch to use for topology discovery";
default = "GossipingPropertyFileSnitch";
example = "Ec2Snitch";
type = types.str;
};
dc = mkOption {
description = "datacenter for use in topology configuration";
default = "DC1";
example = "DC1";
type = types.str;
};
rack = mkOption {
description = "rack for use in topology configuration";
default = "RAC1";
example = "RAC1";
type = types.str;
};
authorizer = mkOption {
description = "
Authorization backend, implementing IAuthorizer; used to limit access/provide permissions
";
default = "AllowAllAuthorizer";
example = "CassandraAuthorizer";
type = types.str;
};
authenticator = mkOption {
description = "
Authentication backend, implementing IAuthenticator; used to identify users
";
default = "AllowAllAuthenticator";
example = "PasswordAuthenticator";
type = types.str;
};
autoBootstrap = mkOption {
description = "It makes new (non-seed) nodes automatically migrate the right data to themselves.";
default = true;
type = types.bool;
};
streamingSocketTimoutInMS = mkOption {
description = "Enable or disable socket timeout for streaming operations";
default = 3600000; #CASSANDRA-8611
example = 120;
type = types.int;
};
repairStartAt = mkOption {
default = "Sun";
type = types.string;
type = types.nullOr types.str;
default = "127.0.0.1";
example = literalExample "null";
description = ''
Defines realtime (i.e. wallclock) timers with calendar event
expressions. For more details re: systemd OnCalendar at
https://www.freedesktop.org/software/systemd/man/systemd.time.html#Displaying%20Time%20Spans
'';
example = ["weekly" "daily" "08:05:40" "mon,fri *-1/2-1,3 *:30:45"];
};
repairRandomizedDelayInSec = mkOption {
default = 0;
type = types.int;
description = ''Delay the timer by a randomly selected, evenly distributed
amount of time between 0 and the specified time value. re: systemd timer
RandomizedDelaySec for more details
The address or interface to bind the native transport server to.
Set rpcAddress OR rpcInterface, not both.
Leaving rpcAddress blank has the same effect as on
listenAddress (i.e. it will be based on the configured hostname
of the node).
Note that unlike listenAddress, you can specify 0.0.0.0, but you
must also set extraConfig.broadcast_rpc_address to a value other
than 0.0.0.0.
For security reasons, you should not expose this port to the
internet. Firewall it if needed.
'';
};
repairPostStop = mkOption {
rpcInterface = mkOption {
type = types.nullOr types.str;
default = null;
type = types.nullOr types.string;
example = "eth1";
description = ''
Run a script when repair is over. One can use it to send statsd events, email, etc.
Set rpcAddress OR rpcInterface, not both. Interfaces must
correspond to a single address, IP aliasing is not supported.
'';
};
repairPostStart = mkOption {
default = null;
type = types.nullOr types.string;
extraConfig = mkOption {
type = types.attrs;
default = {};
example =
{ commitlog_sync_batch_window_in_ms = 3;
};
description = ''
Run a script when repair starts. One can use it to send statsd events, email, etc.
It has same semantics as systemd ExecStopPost; So, if it fails, unit is consisdered
failed.
Extra options to be merged into cassandra.yaml as nix attribute set.
'';
};
fullRepairInterval = mkOption {
type = types.nullOr types.str;
default = "3w";
example = literalExample "null";
description = ''
Set the interval how often full repairs are run, i.e.
`nodetool repair --full` is executed. See
https://cassandra.apache.org/doc/latest/operating/repair.html
for more information.
Set to `null` to disable full repairs.
'';
};
fullRepairOptions = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--partitioner-range" ];
description = ''
Options passed through to the full repair command.
'';
};
incrementalRepairInterval = mkOption {
type = types.nullOr types.str;
default = "3d";
example = literalExample "null";
description = ''
Set the interval how often incremental repairs are run, i.e.
`nodetool repair` is executed. See
https://cassandra.apache.org/doc/latest/operating/repair.html
for more information.
Set to `null` to disable incremental repairs.
'';
};
incrementalRepairOptions = mkOption {
type = types.listOf types.string;
default = [];
example = [ "--partitioner-range" ];
description = ''
Options passed through to the incremental repair command.
'';
};
};
###### implementation
config = mkIf cfg.enable {
environment.etc."cassandra/cassandra-rackdc.properties" = {
source = cassandraRackFile;
};
environment.etc."cassandra/cassandra.yaml" = {
source = cassandraConfFile;
};
environment.etc."cassandra/log4j-server.properties" = {
source = cassandraLogFile;
};
environment.etc."cassandra/cassandra-env.sh" = {
text = ''
${builtins.readFile cfg.envFile}
${concatStringsSep "\n" cfg.extraParams}
'';
};
systemd.services.cassandra = {
description = "Cassandra Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = cassandraEnvironment;
restartTriggers = [ cassandraConfFile cassandraLogFile cassandraRackFile ];
serviceConfig = {
User = cfg.user;
PermissionsStartOnly = true;
LimitAS = "infinity";
LimitNOFILE = "100000";
LimitNPROC = "32768";
LimitMEMLOCK = "infinity";
};
script = ''
${cassandraPackage}/bin/cassandra -f
'';
path = [
cfg.jre
cassandraPackage
pkgs.coreutils
assertions =
[ { assertion =
((isNull cfg.listenAddress)
|| (isNull cfg.listenInterface)
) && !((isNull cfg.listenAddress)
&& (isNull cfg.listenInterface)
);
message = "You have to set either listenAddress or listenInterface";
}
{ assertion =
((isNull cfg.rpcAddress)
|| (isNull cfg.rpcInterface)
) && !((isNull cfg.rpcAddress)
&& (isNull cfg.rpcInterface)
);
message = "You have to set either rpcAddress or rpcInterface";
}
];
preStart = ''
mkdir -m 0700 -p /etc/cassandra/triggers
mkdir -m 0700 -p /var/lib/cassandra /var/log/cassandra
chown ${cfg.user} /var/lib/cassandra /var/log/cassandra /etc/cassandra/triggers
'';
postStart = ''
sleep 2
while ! nodetool status >/dev/null 2>&1; do
sleep 2
done
nodetool status
'';
users = mkIf (cfg.user == defaultUser) {
extraUsers."${defaultUser}" =
{ group = cfg.group;
home = cfg.homeDir;
createHome = true;
uid = config.ids.uids.cassandra;
description = "Cassandra service user";
};
extraGroups."${defaultUser}".gid = config.ids.gids.cassandra;
};
environment.systemPackages = [ cassandraPackage ];
networking.firewall.allowedTCPPorts = [
7000
7001
9042
9160
];
users.users.cassandra =
if config.ids.uids ? "cassandra"
then { uid = config.ids.uids.cassandra; } // cassandraUser
else cassandraUser ;
boot.kernel.sysctl."vm.swappiness" = pkgs.lib.mkOptionDefault 0;
systemd.timers."cassandra-repair" = {
timerConfig = {
OnCalendar = "${toString cfg.repairStartAt}";
RandomizedDelaySec = cfg.repairRandomizedDelayInSec;
systemd.services.cassandra =
{ description = "Apache Cassandra service";
after = [ "network.target" ];
environment =
{ CASSANDRA_CONF = "${cassandraEtc}";
JVM_OPTS = builtins.concatStringsSep " " cfg.jvmOpts;
};
wantedBy = [ "multi-user.target" ];
serviceConfig =
{ User = cfg.user;
Group = cfg.group;
ExecStart = "${cfg.package}/bin/cassandra -f";
SuccessExitStatus = 143;
};
};
};
systemd.services."cassandra-repair" = {
description = "Cassandra repair daemon";
environment = cassandraEnvironment;
script = "${cassandraPackage}/bin/nodetool repair -pr";
postStop = mkIf (cfg.repairPostStop != null) cfg.repairPostStop;
postStart = mkIf (cfg.repairPostStart != null) cfg.repairPostStart;
serviceConfig = {
User = cfg.user;
systemd.services.cassandra-full-repair =
{ description = "Perform a full repair on this Cassandra node";
after = [ "cassandra.service" ];
requires = [ "cassandra.service" ];
serviceConfig =
{ User = cfg.user;
Group = cfg.group;
ExecStart =
lib.concatStringsSep " "
([ "${cfg.package}/bin/nodetool" "repair" "--full"
] ++ cfg.fullRepairOptions);
};
};
systemd.timers.cassandra-full-repair =
mkIf (!isNull cfg.fullRepairInterval) {
description = "Schedule full repairs on Cassandra";
wantedBy = [ "timers.target" ];
timerConfig =
{ OnBootSec = cfg.fullRepairInterval;
OnUnitActiveSec = cfg.fullRepairInterval;
Persistent = true;
};
};
systemd.services.cassandra-incremental-repair =
{ description = "Perform an incremental repair on this cassandra node.";
after = [ "cassandra.service" ];
requires = [ "cassandra.service" ];
serviceConfig =
{ User = cfg.user;
Group = cfg.group;
ExecStart =
lib.concatStringsSep " "
([ "${cfg.package}/bin/nodetool" "repair"
] ++ cfg.incrementalRepairOptions);
};
};
systemd.timers.cassandra-incremental-repair =
mkIf (!isNull cfg.incrementalRepairInterval) {
description = "Schedule incremental repairs on Cassandra";
wantedBy = [ "timers.target" ];
timerConfig =
{ OnBootSec = cfg.incrementalRepairInterval;
OnUnitActiveSec = cfg.incrementalRepairInterval;
Persistent = true;
};
};
};
};
}

35
nixos/modules/services/desktops/geoclue2.nix
View File

@ -4,6 +4,10 @@
with lib;
let
# the demo agent isn't built by default, but we need it here
package = pkgs.geoclue2.override { withDemoAgent = config.services.geoclue2.enableDemoAgent; };
in
{
###### interface
@ -21,21 +25,42 @@ with lib;
'';
};
enableDemoAgent = mkOption {
type = types.bool;
default = true;
description = ''
Whether to use the GeoClue demo agent. This should be
overridden by desktop environments that provide their own
agent.
'';
};
};
};
###### implementation
config = mkIf config.services.geoclue2.enable {
environment.systemPackages = [ pkgs.geoclue2 ];
environment.systemPackages = [ package ];
services.dbus.packages = [ pkgs.geoclue2 ];
systemd.packages = [ pkgs.geoclue2 ];
services.dbus.packages = [ package ];
systemd.packages = [ package ];
# this needs to run as a user service, since it's associated with the
# user who is making the requests
systemd.user.services = mkIf config.services.geoclue2.enableDemoAgent {
"geoclue-agent" = {
description = "Geoclue agent";
script = "${package}/libexec/geoclue-2.0/demos/agent";
# this should really be `partOf = [ "geoclue.service" ]`, but
# we can't be part of a system service, and the agent should
# be okay with the main service coming and going
wantedBy = [ "default.target" ];
};
};
};
}

8
nixos/modules/services/editors/infinoted.nix
View File

@ -10,8 +10,8 @@ in {
package = mkOption {
type = types.package;
default = pkgs.libinfinity.override { daemon = true; };
defaultText = "pkgs.libinfinity.override { daemon = true; }";
default = pkgs.libinfinity;
defaultText = "pkgs.libinfinity";
description = ''
Package providing infinoted
'';
@ -119,7 +119,7 @@ in {
users.groups = optional (cfg.group == "infinoted")
{ name = "infinoted";
};
systemd.services.infinoted =
{ description = "Gobby Dedicated Server";
@ -129,7 +129,7 @@ in {
serviceConfig = {
Type = "simple";
Restart = "always";
ExecStart = "${cfg.package}/bin/infinoted-${versions.majorMinor cfg.package.version} --config-file=/var/lib/infinoted/infinoted.conf";
ExecStart = "${cfg.package.infinoted} --config-file=/var/lib/infinoted/infinoted.conf";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;

7
nixos/modules/services/hardware/fwupd.nix
View File

@ -71,6 +71,13 @@ in {
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
'';
};
"fwupd/uefi.conf" = {
source = pkgs.writeText "uefi.conf" ''
[uefi]
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
'';
};
} // originalEtc // extraTrustedKeys;
services.dbus.packages = [ pkgs.fwupd ];

2
nixos/modules/services/misc/disnix.nix
View File

@ -47,7 +47,7 @@ in
###### implementation
config = mkIf cfg.enable {
services.dysnomia.enable = true;
dysnomia.enable = true;
environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService;

37
nixos/modules/services/misc/docker-registry.nix
View File

@ -5,6 +5,43 @@ with lib;
let
cfg = config.services.dockerRegistry;
blobCache = if cfg.enableRedisCache
then "redis"
else "inmemory";
registryConfig = {
version = "0.1";
log.fields.service = "registry";
storage = {
cache.blobdescriptor = blobCache;
filesystem.rootdirectory = cfg.storagePath;
delete.enabled = cfg.enableDelete;
};
http = {
addr = ":${builtins.toString cfg.port}";
headers.X-Content-Type-Options = ["nosniff"];
};
health.storagedriver = {
enabled = true;
interval = "10s";
threshold = 3;
};
};
registryConfig.redis = mkIf cfg.enableRedisCache {
addr = "${cfg.redisUrl}";
password = "${cfg.redisPassword}";
db = 0;
dialtimeout = "10ms";
readtimeout = "10ms";
writetimeout = "10ms";
pool = {
maxidle = 16;
maxactive = 64;
idletimeout = "300s";
};
};
configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (recursiveUpdate registryConfig cfg.extraConfig));
in {

10
nixos/modules/services/misc/dysnomia.nix
View File

@ -3,7 +3,7 @@
with lib;
let
cfg = config.services.dysnomia;
cfg = config.dysnomia;
printProperties = properties:
concatMapStrings (propertyName:
@ -69,7 +69,7 @@ let
in
{
options = {
services.dysnomia = {
dysnomia = {
enable = mkOption {
type = types.bool;
@ -142,7 +142,7 @@ in
environment.systemPackages = [ cfg.package ];
services.dysnomia.package = pkgs.dysnomia.override (origArgs: {
dysnomia.package = pkgs.dysnomia.override (origArgs: {
enableApacheWebApplication = config.services.httpd.enable;
enableAxis2WebService = config.services.tomcat.axis2.enable;
enableEjabberdDump = config.services.ejabberd.enable;
@ -153,7 +153,7 @@ in
enableMongoDatabase = config.services.mongodb.enable;
});
services.dysnomia.properties = {
dysnomia.properties = {
hostname = config.networking.hostName;
inherit (config.nixpkgs.localSystem) system;
@ -171,7 +171,7 @@ in
}}");
};
services.dysnomia.containers = lib.recursiveUpdate ({
dysnomia.containers = lib.recursiveUpdate ({
process = {};
wrapper = {};
}

2
nixos/modules/services/networking/dhcpcd.nix
View File

@ -161,8 +161,8 @@ in
{ description = "DHCP Client";
wantedBy = [ "multi-user.target" ] ++ optional (!hasDefaultGatewaySet) "network-online.target";
after = [ "network.target" ];
wants = [ "network.target" ];
before = [ "network.target" ];
# Stopping dhcpcd during a reconfiguration is undesirable
# because it brings down the network interfaces configured by

12
nixos/modules/services/networking/wpa_supplicant.nix
View File

@ -8,6 +8,7 @@ let
${optionalString cfg.userControlled.enable ''
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=${cfg.userControlled.group}
update_config=1''}
${cfg.extraConfig}
${concatStringsSep "\n" (mapAttrsToList (ssid: config: with config; let
key = if psk != null
then ''"${psk}"''
@ -165,6 +166,17 @@ in {
description = "Members of this group can control wpa_supplicant.";
};
};
extraConfig = mkOption {
type = types.str;
default = "";
example = ''
p2p_disabled=1
'';
description = ''
Extra lines appended to the configuration file.
See wpa_supplicant.conf(5) for available options.
'';
};
};
};

15
nixos/modules/services/networking/zerotierone.nix
View File

@ -17,6 +17,15 @@ in
'';
};
options.services.zerotierone.port = mkOption {
default = 9993;
example = 9993;
type = types.int;
description = ''
Network port used by ZeroTier.
'';
};
options.services.zerotierone.package = mkOption {
default = pkgs.zerotierone;
defaultText = "pkgs.zerotierone";
@ -40,7 +49,7 @@ in
touch "/var/lib/zerotier-one/networks.d/${netId}.conf"
'') cfg.joinNetworks);
serviceConfig = {
ExecStart = "${cfg.package}/bin/zerotier-one";
ExecStart = "${cfg.package}/bin/zerotier-one -p${toString cfg.port}";
Restart = "always";
KillMode = "process";
};
@ -49,8 +58,8 @@ in
# ZeroTier does not issue DHCP leases, but some strangers might...
networking.dhcpcd.denyInterfaces = [ "zt*" ];
# ZeroTier receives UDP transmissions on port 9993 by default
networking.firewall.allowedUDPPorts = [ 9993 ];
# ZeroTier receives UDP transmissions
networking.firewall.allowedUDPPorts = [ cfg.port ];
environment.systemPackages = [ cfg.package ];
};

194
nixos/modules/services/security/certmgr.nix Normal file
View File

@ -0,0 +1,194 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.certmgr;
specs = mapAttrsToList (n: v: rec {
name = n + ".json";
path = if isAttrs v then pkgs.writeText name (builtins.toJSON v) else v;
}) cfg.specs;
allSpecs = pkgs.linkFarm "certmgr.d" specs;
certmgrYaml = pkgs.writeText "certmgr.yaml" (builtins.toJSON {
dir = allSpecs;
default_remote = cfg.defaultRemote;
svcmgr = cfg.svcManager;
before = cfg.validMin;
interval = cfg.renewInterval;
inherit (cfg) metricsPort metricsAddress;
});
specPaths = map dirOf (concatMap (spec:
if isAttrs spec then
collect isString (filterAttrsRecursive (n: v: isAttrs v || n == "path") spec)
else
[ spec ]
) (attrValues cfg.specs));
preStart = ''
${concatStringsSep " \\\n" (["mkdir -p"] ++ map escapeShellArg specPaths)}
${pkgs.certmgr}/bin/certmgr -f ${certmgrYaml} check
'';
in
{
options.services.certmgr = {
enable = mkEnableOption "certmgr";
defaultRemote = mkOption {
type = types.str;
default = "127.0.0.1:8888";
description = "The default CA host:port to use.";
};
validMin = mkOption {
default = "72h";
type = types.str;
description = "The interval before a certificate expires to start attempting to renew it.";
};
renewInterval = mkOption {
default = "30m";
type = types.str;
description = "How often to check certificate expirations and how often to update the cert_next_expires metric.";
};
metricsAddress = mkOption {
default = "127.0.0.1";
type = types.str;
description = "The address for the Prometheus HTTP endpoint.";
};
metricsPort = mkOption {
default = 9488;
type = types.ints.u16;
description = "The port for the Prometheus HTTP endpoint.";
};
specs = mkOption {
default = {};
example = literalExample ''
{
exampleCert =
let
domain = "example.com";
secret = name: "/var/lib/secrets/''${name}.pem";
in {
service = "nginx";
action = "reload";
authority = {
file.path = secret "ca";
};
certificate = {
path = secret domain;
};
private_key = {
owner = "root";
group = "root";
mode = "0600";
path = secret "''${domain}-key";
};
request = {
CN = domain;
hosts = [ "mail.''${domain}" "www.''${domain}" ];
key = {
algo = "rsa";
size = 2048;
};
names = {
O = "Example Organization";
C = "USA";
};
};
};
otherCert = "/var/certmgr/specs/other-cert.json";
}
'';
type = with types; attrsOf (either (submodule {
options = {
service = mkOption {
type = nullOr str;
default = null;
description = "The service on which to perform &lt;action&gt; after fetching.";
};
action = mkOption {
type = addCheck str (x: cfg.svcManager == "command" || elem x ["restart" "reload" "nop"]);
default = "nop";
description = "The action to take after fetching.";
};
# These ought all to be specified according to certmgr spec def.
authority = mkOption {
type = attrs;
description = "certmgr spec authority object.";
};
certificate = mkOption {
type = nullOr attrs;
description = "certmgr spec certificate object.";
};
private_key = mkOption {
type = nullOr attrs;
description = "certmgr spec private_key object.";
};
request = mkOption {
type = nullOr attrs;
description = "certmgr spec request object.";
};
};
}) path);
description = ''
Certificate specs as described by:
<link xlink:href="https://github.com/cloudflare/certmgr#certificate-specs" />
These will be added to the Nix store, so they will be world readable.
'';
};
svcManager = mkOption {
default = "systemd";
type = types.enum [ "circus" "command" "dummy" "openrc" "systemd" "sysv" ];
description = ''
This specifies the service manager to use for restarting or reloading services.
See: <link xlink:href="https://github.com/cloudflare/certmgr#certmgryaml" />.
For how to use the "command" service manager in particular,
see: <link xlink:href="https://github.com/cloudflare/certmgr#command-svcmgr-and-how-to-use-it" />.
'';
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.specs != {};
message = "Certmgr specs cannot be empty.";
}
{
assertion = !any (hasAttrByPath [ "authority" "auth_key" ]) (attrValues cfg.specs);
message = ''
Inline services.certmgr.specs are added to the Nix store rendering them world readable.
Specify paths as specs, if you want to use include auth_key - or use the auth_key_file option."
'';
}
];
systemd.services.certmgr = {
description = "certmgr";
path = mkIf (cfg.svcManager == "command") [ pkgs.bash ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
inherit preStart;
serviceConfig = {
Restart = "always";
RestartSec = "10s";
ExecStart = "${pkgs.certmgr}/bin/certmgr -f ${certmgrYaml}";
};
};
};
}

22
nixos/modules/services/security/vault.nix
View File

@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.vault;
@ -24,15 +25,22 @@ let
${cfg.telemetryConfig}
}
''}
${cfg.extraConfig}
'';
in
{
options = {
services.vault = {
enable = mkEnableOption "Vault daemon";
package = mkOption {
type = types.package;
default = pkgs.vault;
defaultText = "pkgs.vault";
description = "This option specifies the vault package to use.";
};
address = mkOption {
type = types.str;
default = "127.0.0.1:8200";
@ -58,7 +66,7 @@ in
default = ''
tls_min_version = "tls12"
'';
description = "extra configuration";
description = "Extra text appended to the listener section.";
};
storageBackend = mkOption {
@ -84,6 +92,12 @@ in
default = "";
description = "Telemetry configuration";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra text appended to <filename>vault.hcl</filename>.";
};
};
};
@ -122,7 +136,7 @@ in
User = "vault";
Group = "vault";
PermissionsStartOnly = true;
ExecStart = "${pkgs.vault}/bin/vault server -config ${configFile}";
ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
PrivateDevices = true;
PrivateTmp = true;
ProtectSystem = "full";

13
nixos/modules/services/system/cloud-init.nix
View File

@ -104,8 +104,9 @@ in
systemd.services.cloud-init =
{ description = "Initial cloud-init job (metadata service crawler)";
wantedBy = [ "multi-user.target" ];
wants = [ "local-fs.target" "cloud-init-local.service" "sshd.service" "sshd-keygen.service" ];
after = [ "local-fs.target" "network.target" "cloud-init-local.service" ];
wants = [ "local-fs.target" "network-online.target" "cloud-init-local.service"
"sshd.service" "sshd-keygen.service" ];
after = [ "local-fs.target" "network-online.target" "cloud-init-local.service" ];
before = [ "sshd.service" "sshd-keygen.service" ];
requires = [ "network.target "];
path = path;
@ -121,8 +122,8 @@ in
systemd.services.cloud-config =
{ description = "Apply the settings specified in cloud-config";
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
after = [ "network.target" "syslog.target" "cloud-config.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" "syslog.target" "cloud-config.target" ];
path = path;
serviceConfig =
@ -137,8 +138,8 @@ in
systemd.services.cloud-final =
{ description = "Execute cloud user/final scripts";
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
after = [ "network.target" "syslog.target" "cloud-config.service" "rc-local.service" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" "syslog.target" "cloud-config.service" "rc-local.service" ];
requires = [ "cloud-config.target" ];
path = path;
serviceConfig =

10
nixos/modules/services/system/localtime.nix
View File

@ -22,14 +22,8 @@ in {
config = mkIf cfg.enable {
services.geoclue2.enable = true;
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.timedate1.set-timezone"
&& subject.user == "localtimed") {
return polkit.Result.YES;
}
});
'';
# so polkit will pick up the rules
environment.systemPackages = [ pkgs.localtime ];
users.users = [{
name = "localtimed";

4
nixos/modules/services/web-apps/youtrack.nix
View File

@ -118,14 +118,14 @@ in
systemd.services.youtrack = {
environment.HOME = cfg.statePath;
environment.YOUTRACK_JVM_OPTS = "-Xmx${cfg.maxMemory} -XX:MaxMetaspaceSize=${cfg.maxMetaspaceSize} ${cfg.jvmOpts} ${extraAttr}";
environment.YOUTRACK_JVM_OPTS = "${extraAttr}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "youtrack";
Group = "youtrack";
ExecStart = ''${cfg.package}/bin/youtrack ${cfg.address}:${toString cfg.port}'';
ExecStart = ''${cfg.package}/bin/youtrack --J-Xmx${cfg.maxMemory} --J-XX:MaxMetaspaceSize=${cfg.maxMetaspaceSize} ${cfg.jvmOpts} ${cfg.address}:${toString cfg.port}'';
};
};

2
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -97,6 +97,8 @@ in {
services.udisks2.enable = true;
services.accounts-daemon.enable = true;
services.geoclue2.enable = mkDefault true;
# GNOME should have its own geoclue agent
services.geoclue2.enableDemoAgent = false;
services.dleyna-renderer.enable = mkDefault true;
services.dleyna-server.enable = mkDefault true;
services.gnome3.at-spi2-core.enable = true;

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -224,7 +224,7 @@ in
# Update the start menu for each user that has `isNormalUser` set.
system.activationScripts.plasmaSetup = stringAfter [ "users" "groups" ]
(concatStringsSep "\n"
(mapAttrsToList (name: value: "${pkgs.su}/bin/su ${name} -c kbuildsycoca5")
(mapAttrsToList (name: value: "${pkgs.su}/bin/su ${name} -c ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5")
(filterAttrs (n: v: v.isNormalUser) config.users.users)));
})
];

4
nixos/modules/services/x11/display-managers/default.nix
View File

@ -56,10 +56,6 @@ let
# Start PulseAudio if enabled.
${optionalString (config.hardware.pulseaudio.enable) ''
${optionalString (!config.hardware.pulseaudio.systemWide)
"${config.hardware.pulseaudio.package.out}/bin/pulseaudio --start"
}
# Publish access credentials in the root window.
if ${config.hardware.pulseaudio.package.out}/bin/pulseaudio --dump-modules | grep module-x11-publish &> /dev/null; then
${config.hardware.pulseaudio.package.out}/bin/pactl load-module module-x11-publish "display=$DISPLAY"

1
nixos/modules/services/x11/display-managers/sddm.nix
View File

@ -265,6 +265,7 @@ in
};
environment.etc."sddm.conf".source = cfgFile;
environment.pathsToLink = [ "/share/sddm/themes" ];
users.groups.sddm.gid = config.ids.gids.sddm;

3
nixos/modules/services/x11/redshift.nix
View File

@ -116,6 +116,9 @@ in {
}
];
# needed so that .desktop files are installed, which geoclue cares about
environment.systemPackages = [ cfg.package ];
services.geoclue2.enable = mkIf (cfg.provider == "geoclue2") true;
systemd.user.services.redshift =

12
nixos/modules/services/x11/window-managers/metacity.nix
View File

@ -5,9 +5,7 @@ with lib;
let
cfg = config.services.xserver.windowManager.metacity;
xorg = config.services.xserver.package;
gnome = pkgs.gnome;
inherit (pkgs) gnome3;
in
{
@ -20,16 +18,12 @@ in
services.xserver.windowManager.session = singleton
{ name = "metacity";
start = ''
env LD_LIBRARY_PATH=${lib.makeLibraryPath [ xorg.libX11 xorg.libXext ]}:/usr/lib/
# !!! Hack: load the schemas for Metacity.
GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf.out}/bin/gconftool-2 \
--makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */
${gnome.metacity}/bin/metacity &
${gnome3.metacity}/bin/metacity &
waitPID=$!
'';
};
environment.systemPackages = [ gnome.metacity ];
environment.systemPackages = [ gnome3.metacity ];
};

2
nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
View File

@ -42,7 +42,7 @@ def write_loader_conf(profile, generation):
else:
f.write("default nixos-generation-%d\n" % (generation))
if not @editor@:
f.write("editor 0");
f.write("editor 0\n");
f.write("console-mode @consoleMode@\n");
os.rename("@efiSysMountPoint@/loader/loader.conf.tmp", "@efiSysMountPoint@/loader/loader.conf")

345
nixos/modules/system/boot/luksroot.nix
View File

@ -5,61 +5,171 @@ with lib;
let
luks = config.boot.initrd.luks;
openCommand = name': { name, device, header, keyFile, keyFileSize, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name; ''
commonFunctions = ''
die() {
echo "$@" >&2
exit 1
}
# Wait for a target (e.g. device, keyFile, header, ...) to appear.
wait_target() {
local name="$1"
local target="$2"
local secs="''${3:-10}"
local desc="''${4:-$name $target to appear}"
if [ ! -e $target ]; then
echo -n "Waiting 10 seconds for $name $target to appear"
echo -n "Waiting $secs seconds for $desc..."
local success=false;
for try in $(seq 10); do
for try in $(seq $secs); do
echo -n "."
sleep 1
if [ -e $target ]; then success=true break; fi
if [ -e $target ]; then
success=true
break
fi
done
if [ $success = true ]; then
if [ $success == true ]; then
echo " - success";
return 0
else
echo " - failure";
return 1
fi
fi
return 0
}
wait_yubikey() {
local secs="''${1:-10}"
ykinfo -v 1>/dev/null 2>&1
if [ $? != 0 ]; then
echo -n "Waiting $secs seconds for Yubikey to appear..."
local success=false
for try in $(seq $secs); do
echo -n .
sleep 1
ykinfo -v 1>/dev/null 2>&1
if [ $? == 0 ]; then
success=true
break
fi
done
if [ $success == true ]; then
echo " - success";
return 0
else
echo " - failure";
return 1
fi
fi
return 0
}
'';
preCommands = ''
# A place to store crypto things
# A ramfs is used here to ensure that the file used to update
# the key slot with cryptsetup will never get swapped out.
# Warning: Do NOT replace with tmpfs!
mkdir -p /crypt-ramfs
mount -t ramfs none /crypt-ramfs
# For Yubikey salt storage
mkdir -p /crypt-storage
# Disable all input echo for the whole stage. We could use read -s
# instead but that would ocasionally leak characters between read
# invocations.
stty -echo
'';
postCommands = ''
stty echo
umount /crypt-storage 2>/dev/null
umount /crypt-ramfs 2>/dev/null
'';
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name;
let
csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
in ''
# Wait for luksRoot (and optionally keyFile and/or header) to appear, e.g.
# if on a USB drive.
wait_target "device" ${device}
${optionalString (keyFile != null) ''
wait_target "key file" ${keyFile}
''}
wait_target "device" ${device} || die "${device} is unavailable"
${optionalString (header != null) ''
wait_target "header" ${header}
wait_target "header" ${header} || die "${header} is unavailable"
''}
open_normally() {
echo luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \
${optionalString (header != null) "--header=${header}"} \
> /.luksopen_args
${optionalString (keyFile != null) ''
${optionalString fallbackToPassword "if [ -e ${keyFile} ]; then"}
echo " --key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}" \
>> /.luksopen_args
${optionalString fallbackToPassword ''
else
echo "keyfile ${keyFile} not found -- fallback to interactive unlocking"
fi
''}
''}
cryptsetup-askpass
rm /.luksopen_args
do_open_passphrase() {
local passphrase
while true; do
echo -n "Passphrase for ${device}: "
passphrase=
while true; do
if [ -e /crypt-ramfs/passphrase ]; then
echo "reused"
passphrase=$(cat /crypt-ramfs/passphrase)
break
else
# ask cryptsetup-askpass
echo -n "${device}" > /crypt-ramfs/device
# and try reading it from /dev/console with a timeout
IFS= read -t 1 -r passphrase
if [ -n "$passphrase" ]; then
${if luks.reusePassphrases then ''
# remember it for the next device
echo -n "$passphrase" > /crypt-ramfs/passphrase
'' else ''
# Don't save it to ramfs. We are very paranoid
''}
echo
break
fi
fi
done
echo -n "Verifiying passphrase for ${device}..."
echo -n "$passphrase" | ${csopen} --key-file=-
if [ $? == 0 ]; then
echo " - success"
${if luks.reusePassphrases then ''
# we don't rm here because we might reuse it for the next device
'' else ''
rm -f /crypt-ramfs/passphrase
''}
break
else
echo " - failure"
# ask for a different one
rm -f /crypt-ramfs/passphrase
fi
done
}
${optionalString (luks.yubikeySupport && (yubikey != null)) ''
# LUKS
open_normally() {
${if (keyFile != null) then ''
if wait_target "key file" ${keyFile}; then
${csopen} --key-file=${keyFile} \
${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"} \
${optionalString (keyFileOffset != null) "--keyfile-offset=${toString keyFileOffset}"}
else
${if fallbackToPassword then "echo" else "die"} "${keyFile} is unavailable"
echo " - failing back to interactive password prompt"
do_open_passphrase
fi
'' else ''
do_open_passphrase
''}
}
${if luks.yubikeySupport && (yubikey != null) then ''
# Yubikey
rbtohex() {
( od -An -vtx1 | tr -d ' \n' )
}
@ -68,8 +178,7 @@ let
( tr '[:lower:]' '[:upper:]' | sed -e 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf )
}
open_yubikey() {
do_open_yubikey() {
# Make all of these local to this function
# to prevent their values being leaked
local salt
@ -85,19 +194,18 @@ let
local new_response
local new_k_luks
mkdir -p ${yubikey.storage.mountPoint}
mount -t ${yubikey.storage.fsType} ${toString yubikey.storage.device} ${yubikey.storage.mountPoint}
mount -t ${yubikey.storage.fsType} ${yubikey.storage.device} /crypt-storage || \
die "Failed to mount Yubikey salt storage device"
salt="$(cat ${yubikey.storage.mountPoint}${yubikey.storage.path} | sed -n 1p | tr -d '\n')"
iterations="$(cat ${yubikey.storage.mountPoint}${yubikey.storage.path} | sed -n 2p | tr -d '\n')"
salt="$(cat /crypt-storage${yubikey.storage.path} | sed -n 1p | tr -d '\n')"
iterations="$(cat /crypt-storage${yubikey.storage.path} | sed -n 2p | tr -d '\n')"
challenge="$(echo -n $salt | openssl-wrap dgst -binary -sha512 | rbtohex)"
response="$(ykchalresp -${toString yubikey.slot} -x $challenge 2>/dev/null)"
for try in $(seq 3); do
${optionalString yubikey.twoFactor ''
echo -n "Enter two-factor passphrase: "
read -s k_user
read -r k_user
echo
''}
@ -107,9 +215,9 @@ let
k_luks="$(echo | pbkdf2-sha512 ${toString yubikey.keyLength} $iterations $response | rbtohex)"
fi
echo -n "$k_luks" | hextorb | cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} --key-file=-
echo -n "$k_luks" | hextorb | ${csopen} --key-file=-
if [ $? == "0" ]; then
if [ $? == 0 ]; then
opened=true
break
else
@ -118,11 +226,7 @@ let
fi
done
if [ "$opened" == false ]; then
umount ${yubikey.storage.mountPoint}
echo "Maximum authentication errors reached"
exit 1
fi
[ "$opened" == false ] && die "Maximum authentication errors reached"
echo -n "Gathering entropy for new salt (please enter random keys to generate entropy if this blocks for long)..."
for i in $(seq ${toString yubikey.saltLength}); do
@ -147,69 +251,52 @@ let
new_k_luks="$(echo | pbkdf2-sha512 ${toString yubikey.keyLength} $new_iterations $new_response | rbtohex)"
fi
mkdir -p ${yubikey.ramfsMountPoint}
# A ramfs is used here to ensure that the file used to update
# the key slot with cryptsetup will never get swapped out.
# Warning: Do NOT replace with tmpfs!
mount -t ramfs none ${yubikey.ramfsMountPoint}
echo -n "$new_k_luks" | hextorb > /crypt-ramfs/new_key
echo -n "$k_luks" | hextorb | ${cschange} --key-file=- /crypt-ramfs/new_key
echo -n "$new_k_luks" | hextorb > ${yubikey.ramfsMountPoint}/new_key
echo -n "$k_luks" | hextorb | cryptsetup luksChangeKey ${device} --key-file=- ${yubikey.ramfsMountPoint}/new_key
if [ $? == "0" ]; then
echo -ne "$new_salt\n$new_iterations" > ${yubikey.storage.mountPoint}${yubikey.storage.path}
if [ $? == 0 ]; then
echo -ne "$new_salt\n$new_iterations" > /crypt-storage${yubikey.storage.path}
else
echo "Warning: Could not update LUKS key, current challenge persists!"
fi
rm -f ${yubikey.ramfsMountPoint}/new_key
umount ${yubikey.ramfsMountPoint}
rm -rf ${yubikey.ramfsMountPoint}
umount ${yubikey.storage.mountPoint}
rm -f /crypt-ramfs/new_key
umount /crypt-storage
}
${optionalString (yubikey.gracePeriod > 0) ''
echo -n "Waiting ${toString yubikey.gracePeriod} seconds as grace..."
for i in $(seq ${toString yubikey.gracePeriod}); do
sleep 1
echo -n .
done
echo "ok"
''}
open_yubikey() {
if wait_yubikey ${toString yubikey.gracePeriod}; then
do_open_yubikey
else
echo "No yubikey found, falling back to non-yubikey open procedure"
open_normally
fi
}
yubikey_missing=true
ykinfo -v 1>/dev/null 2>&1
if [ $? != "0" ]; then
echo -n "waiting 10 seconds for yubikey to appear..."
for try in $(seq 10); do
sleep 1
ykinfo -v 1>/dev/null 2>&1
if [ $? == "0" ]; then
yubikey_missing=false
break
fi
echo -n .
done
echo "ok"
else
yubikey_missing=false
fi
if [ "$yubikey_missing" == true ]; then
echo "no yubikey found, falling back to non-yubikey open procedure"
open_normally
else
open_yubikey
fi
''}
# open luksRoot and scan for logical volumes
${optionalString ((!luks.yubikeySupport) || (yubikey == null)) ''
open_yubikey
'' else ''
open_normally
''}
'';
askPass = pkgs.writeScriptBin "cryptsetup-askpass" ''
#!/bin/sh
${commonFunctions}
while true; do
wait_target "luks" /crypt-ramfs/device 10 "LUKS to request a passphrase" || die "Passphrase is not requested now"
device=$(cat /crypt-ramfs/device)
echo -n "Passphrase for $device: "
IFS= read -rs passphrase
echo
rm /crypt-ramfs/device
echo -n "$passphrase" > /crypt-ramfs/passphrase
done
'';
preLVM = filterAttrs (n: v: v.preLVM) luks.devices;
postLVM = filterAttrs (n: v: !v.preLVM) luks.devices;
@ -255,6 +342,22 @@ in
'';
};
boot.initrd.luks.reusePassphrases = mkOption {
type = types.bool;
default = true;
description = ''
When opening a new LUKS device try reusing last successful
passphrase.
Useful for mounting a number of devices that use the same
passphrase without retyping it several times.
Such setup can be useful if you use <command>cryptsetup
luksSuspend</command>. Different LUKS devices will still have
different master keys even when using the same passphrase.
'';
};
boot.initrd.luks.devices = mkOption {
default = { };
example = { "luksroot".device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; };
@ -316,6 +419,19 @@ in
'';
};
keyFileOffset = mkOption {
default = null;
example = 4096;
type = types.nullOr types.int;
description = ''
The offset of the key file. Use this in combination with
<literal>keyFileSize</literal> to use part of a file as key file
(often the case if a raw device or partition is used as a key file).
If not specified, the key begins at the first byte of
<literal>keyFile</literal>.
'';
};
# FIXME: get rid of this option.
preLVM = mkOption {
default = true;
@ -383,15 +499,9 @@ in
};
gracePeriod = mkOption {
default = 2;
default = 10;
type = types.int;
description = "Time in seconds to wait before attempting to find the Yubikey.";
};
ramfsMountPoint = mkOption {
default = "/crypt-ramfs";
type = types.str;
description = "Path where the ramfs used to update the LUKS key will be mounted during early boot.";
description = "Time in seconds to wait for the Yubikey.";
};
/* TODO: Add to the documentation of the current module:
@ -414,12 +524,6 @@ in
description = "The filesystem of the unencrypted device.";
};
mountPoint = mkOption {
default = "/crypt-storage";
type = types.str;
description = "Path where the unencrypted device will be mounted during early boot.";
};
path = mkOption {
default = "/crypt-storage/default";
type = types.str;
@ -432,8 +536,8 @@ in
};
});
};
}; }));
};
}));
};
boot.initrd.luks.yubikeySupport = mkOption {
@ -463,18 +567,8 @@ in
# copy the cryptsetup binary and it's dependencies
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup
cat > $out/bin/cryptsetup-askpass <<EOF
#!$out/bin/sh -e
if [ -e /.luksopen_args ]; then
cryptsetup \$(cat /.luksopen_args)
killall -q cryptsetup
else
echo "Passphrase is not requested now"
exit 1
fi
EOF
chmod +x $out/bin/cryptsetup-askpass
copy_bin_and_libs ${askPass}/bin/cryptsetup-askpass
sed -i s,/bin/sh,$out/bin/sh, $out/bin/cryptsetup-askpass
${optionalString luks.yubikeySupport ''
copy_bin_and_libs ${pkgs.yubikey-personalization}/bin/ykchalresp
@ -506,8 +600,9 @@ in
''}
'';
boot.initrd.preLVMCommands = concatStrings (mapAttrsToList openCommand preLVM);
boot.initrd.postDeviceCommands = concatStrings (mapAttrsToList openCommand postLVM);
boot.initrd.preFailCommands = postCommands;
boot.initrd.preLVMCommands = commonFunctions + preCommands + concatStrings (mapAttrsToList openCommand preLVM) + postCommands;
boot.initrd.postDeviceCommands = commonFunctions + preCommands + concatStrings (mapAttrsToList openCommand postLVM) + postCommands;
environment.systemPackages = [ pkgs.cryptsetup ];
};

8
nixos/modules/system/boot/stage-1.nix
View File

@ -248,6 +248,14 @@ let
isExecutable = true;
postInstall = ''
echo checking syntax
# check both with bash
${pkgs.bash}/bin/sh -n $target
# and with ash shell, just in case
${extraUtils}/bin/ash -n $target
'';
inherit udevRules extraUtils modulesClosure;
inherit (config.boot) resumeDevice;

5
nixos/modules/system/boot/systemd.nix
View File

@ -189,9 +189,8 @@ let
];
makeJobScript = name: text:
let mkScriptName = s: (replaceChars [ "\\" ] [ "-" ] (shellEscape s) );
x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${mkScriptName name}"; inherit text; };
in "${x}/bin/${mkScriptName name}";
let mkScriptName = s: "unit-script-" + (replaceChars [ "\\" "@" ] [ "-" "_" ] (shellEscape s) );
in pkgs.writeTextFile { name = mkScriptName name; executable = true; inherit text; };
unitConfig = { config, ... }: {
config = {

35
nixos/modules/tasks/filesystems/zfs.nix
View File

@ -23,12 +23,8 @@ let
kernel = config.boot.kernelPackages;
packages = if config.boot.zfs.enableLegacyCrypto then {
spl = kernel.splLegacyCrypto;
zfs = kernel.zfsLegacyCrypto;
zfsUser = pkgs.zfsLegacyCrypto;
} else if config.boot.zfs.enableUnstable then {
spl = kernel.splUnstable;
packages = if config.boot.zfs.enableUnstable then {
spl = null;
zfs = kernel.zfsUnstable;
zfsUser = pkgs.zfsUnstable;
} else {
@ -117,27 +113,6 @@ in
'';
};
enableLegacyCrypto = mkOption {
type = types.bool;
default = false;
description = ''
Enabling this option will allow you to continue to use the old format for
encrypted datasets. With the inclusion of stability patches the format of
encrypted datasets has changed. They can still be accessed and mounted but
in read-only mode mounted. It is highly recommended to convert them to
the new format.
This option is only for convenience to people that cannot convert their
datasets to the new format yet and it will be removed in due time.
For migration strategies from old format to this new one, check the Wiki:
https://nixos.wiki/wiki/NixOS_on_ZFS#Encrypted_Dataset_Format_Change
See https://github.com/zfsonlinux/zfs/pull/6864 for more details about
the stability patches.
'';
};
extraPools = mkOption {
type = types.listOf types.str;
default = [];
@ -350,12 +325,12 @@ in
virtualisation.lxd.zfsSupport = true;
boot = {
kernelModules = [ "spl" "zfs" ] ;
extraModulePackages = with packages; [ spl zfs ];
kernelModules = [ "zfs" ] ++ optional (!cfgZfs.enableUnstable) "spl";
extraModulePackages = with packages; [ zfs ] ++ optional (!cfgZfs.enableUnstable) spl;
};
boot.initrd = mkIf inInitrd {
kernelModules = [ "spl" "zfs" ];
kernelModules = [ "zfs" ] ++ optional (!cfgZfs.enableUnstable) "spl";
extraUtilsCommands =
''
copy_bin_and_libs ${packages.zfsUser}/sbin/zfs

15
nixos/modules/tasks/trackpoint.nix
View File

@ -55,6 +55,15 @@ with lib;
'';
};
device = mkOption {
default = "TPPS/2 IBM TrackPoint";
type = types.str;
description = ''
The device name of the trackpoint. You can check with xinput.
Some newer devices (example x1c6) use "TPPS/2 Elan TrackPoint".
'';
};
};
};
@ -68,12 +77,12 @@ with lib;
(mkIf cfg.enable {
services.udev.extraRules =
''
ACTION=="add|change", SUBSYSTEM=="input", ATTR{name}=="TPPS/2 IBM TrackPoint", ATTR{device/speed}="${toString cfg.speed}", ATTR{device/sensitivity}="${toString cfg.sensitivity}"
ACTION=="add|change", SUBSYSTEM=="input", ATTR{name}=="${cfg.device}", ATTR{device/speed}="${toString cfg.speed}", ATTR{device/sensitivity}="${toString cfg.sensitivity}"
'';
system.activationScripts.trackpoint =
''
${config.systemd.package}/bin/udevadm trigger --attr-match=name="TPPS/2 IBM TrackPoint"
${config.systemd.package}/bin/udevadm trigger --attr-match=name="${cfg.device}"
'';
})
@ -81,7 +90,7 @@ with lib;
services.xserver.inputClassSections =
[''
Identifier "Trackpoint Wheel Emulation"
MatchProduct "${if cfg.fakeButtons then "PS/2 Generic Mouse" else "ETPS/2 Elantech TrackPoint|Elantech PS/2 TrackPoint|TPPS/2 IBM TrackPoint|DualPoint Stick|Synaptics Inc. Composite TouchPad / TrackPoint|ThinkPad USB Keyboard with TrackPoint|USB Trackpoint pointing device|Composite TouchPad / TrackPoint"}"
MatchProduct "${if cfg.fakeButtons then "PS/2 Generic Mouse" else "ETPS/2 Elantech TrackPoint|Elantech PS/2 TrackPoint|TPPS/2 IBM TrackPoint|DualPoint Stick|Synaptics Inc. Composite TouchPad / TrackPoint|ThinkPad USB Keyboard with TrackPoint|USB Trackpoint pointing device|Composite TouchPad / TrackPoint|${cfg.device}"}"
MatchDevicePath "/dev/input/event*"
Option "EmulateWheel" "true"
Option "EmulateWheelButton" "2"

24
nixos/modules/virtualisation/libvirtd.nix
View File

@ -17,6 +17,10 @@ let
${optionalString cfg.qemuOvmf ''
nvram = ["/run/libvirt/nix-ovmf/OVMF_CODE.fd:/run/libvirt/nix-ovmf/OVMF_VARS.fd"]
''}
${optionalString (!cfg.qemuRunAsRoot) ''
user = "qemu-libvirtd"
group = "qemu-libvirtd"
''}
${cfg.qemuVerbatimConfig}
'';
@ -56,6 +60,18 @@ in {
'';
};
virtualisation.libvirtd.qemuRunAsRoot = mkOption {
type = types.bool;
default = true;
description = ''
If true, libvirtd runs qemu as root.
If false, libvirtd runs qemu as unprivileged user qemu-libvirtd.
Changing this option to false may cause file permission issues
for existing guests. To fix these, manually change ownership
of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
'';
};
virtualisation.libvirtd.qemuVerbatimConfig = mkOption {
type = types.lines;
default = ''
@ -110,6 +126,14 @@ in {
users.groups.libvirtd.gid = config.ids.gids.libvirtd;
# libvirtd runs qemu as this user and group by default
users.extraGroups.qemu-libvirtd.gid = config.ids.gids.qemu-libvirtd;
users.extraUsers.qemu-libvirtd = {
uid = config.ids.uids.qemu-libvirtd;
isNormalUser = false;
group = "qemu-libvirtd";
};
systemd.packages = [ pkgs.libvirt ];
systemd.services.libvirtd = {

13
nixos/modules/virtualisation/virtualbox-host.nix
View File

@ -5,7 +5,7 @@ with lib;
let
cfg = config.virtualisation.virtualbox.host;
virtualbox = pkgs.virtualbox.override {
virtualbox = cfg.package.override {
inherit (cfg) enableExtensionPack enableHardening headless;
};
@ -28,7 +28,14 @@ in
'';
};
enableExtensionPack = mkEnableOption "VirtualBox extension pack";
package = mkOption {
type = types.package;
default = pkgs.virtualbox;
defaultText = "pkgs.virtualbox";
description = ''
Which VirtualBox package to use.
'';
};
addNetworkInterface = mkOption {
type = types.bool;
@ -38,6 +45,8 @@ in
'';
};
enableExtensionPack = mkEnableOption "VirtualBox extension pack";
enableHardening = mkOption {
type = types.bool;
default = true;

2
nixos/release.nix
View File

@ -256,6 +256,7 @@ in rec {
tests.buildbot = callTest tests/buildbot.nix {};
tests.cadvisor = callTestOnMatchingSystems ["x86_64-linux"] tests/cadvisor.nix {};
tests.ceph = callTestOnMatchingSystems ["x86_64-linux"] tests/ceph.nix {};
tests.certmgr = callSubTests tests/certmgr.nix {};
tests.cfssl = callTestOnMatchingSystems ["x86_64-linux"] tests/cfssl.nix {};
tests.chromium = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/chromium.nix {}).stable or {};
tests.cjdns = callTest tests/cjdns.nix {};
@ -277,6 +278,7 @@ in rec {
tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {};
tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {};
tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {};
tests.docker-registry = callTest tests/docker-registry.nix {};
tests.dovecot = callTest tests/dovecot.nix {};
tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {};
tests.ecryptfs = callTest tests/ecryptfs.nix {};

89
nixos/tests/cassandra.nix
View File

@ -1,68 +1,71 @@
import ./make-test.nix ({ pkgs, ...}:
let
user = "cassandra";
nodeCfg = nodes: selfIP: cassandraOpts:
{
services.cassandra = {
enable = true;
listenAddress = selfIP;
rpcAddress = "0.0.0.0";
seeds = [ "192.168.1.1" ];
package = pkgs.cassandra_2_0;
jre = pkgs.openjdk;
clusterName = "ci ahoy";
authenticator = "PasswordAuthenticator";
authorizer = "CassandraAuthorizer";
user = user;
} // cassandraOpts;
nixpkgs.config.allowUnfree = true;
# Change this to test a different version of Cassandra:
testPackage = pkgs.cassandra;
cassandraCfg =
{ enable = true;
listenAddress = null;
listenInterface = "eth1";
rpcAddress = null;
rpcInterface = "eth1";
extraConfig =
{ start_native_transport = true;
seed_provider =
[{ class_name = "org.apache.cassandra.locator.SimpleSeedProvider";
parameters = [ { seeds = "cass0"; } ];
}];
};
package = testPackage;
};
nodeCfg = extra: {pkgs, config, ...}:
{ environment.systemPackages = [ testPackage ];
networking.firewall.enable = false;
services.cassandra = cassandraCfg // extra;
virtualisation.memorySize = 1024;
};
in
{
name = "cassandra-ci";
nodes = {
cass0 = { nodes, ... }: nodeCfg nodes "192.168.1.1" {};
cass1 = { nodes, ... }: nodeCfg nodes "192.168.1.2" {};
cass2 = { nodes, ... }: nodeCfg nodes "192.168.1.3" {
extraParams = [
''JVM_OPTS="$JVM_OPTS -Dcassandra.replace_address=192.168.1.2"''
];
listenAddress = "192.168.1.3";
};
cass0 = nodeCfg {};
cass1 = nodeCfg {};
cass2 = nodeCfg { jvmOpts = [ "-Dcassandra.replace_address=cass1" ]; };
};
testScript = ''
subtest "start seed", sub {
subtest "timers exist", sub {
$cass0->succeed("systemctl list-timers | grep cassandra-full-repair.timer");
$cass0->succeed("systemctl list-timers | grep cassandra-incremental-repair.timer");
};
subtest "can connect via cqlsh", sub {
$cass0->waitForUnit("cassandra.service");
$cass0->waitForOpenPort(9160);
$cass0->execute("echo show version | cqlsh localhost -u cassandra -p cassandra");
sleep 2;
$cass0->succeed("echo show version | cqlsh localhost -u cassandra -p cassandra");
$cass1->start;
$cass0->waitUntilSucceeds("nc -z cass0 9042");
$cass0->succeed("echo 'show version;' | cqlsh cass0");
};
subtest "cassandra user/group", sub {
$cass0->succeed("id \"${user}\" >/dev/null");
$cass1->succeed("id \"${user}\" >/dev/null");
subtest "nodetool is operational", sub {
$cass0->waitForUnit("cassandra.service");
$cass0->waitUntilSucceeds("nc -z localhost 7199");
$cass0->succeed("nodetool status --resolve-ip | egrep '^UN[[:space:]]+cass0'");
};
subtest "bring up cassandra cluster", sub {
subtest "bring up cluster", sub {
$cass1->waitForUnit("cassandra.service");
$cass0->waitUntilSucceeds("nodetool status | grep -c UN | grep 2");
$cass1->waitUntilSucceeds("nodetool status | egrep -c '^UN' | grep 2");
$cass0->succeed("nodetool status --resolve-ip | egrep '^UN[[:space:]]+cass1'");
};
subtest "break and fix node", sub {
$cass0->block;
$cass0->waitUntilSucceeds("nodetool status | grep -c DN | grep 1");
$cass0->unblock;
$cass0->waitUntilSucceeds("nodetool status | grep -c UN | grep 2");
$cass1->block;
$cass0->waitUntilSucceeds("nodetool status --resolve-ip | egrep -c '^DN[[:space:]]+cass1'");
$cass0->succeed("nodetool status | egrep -c '^UN' | grep 1");
$cass1->unblock;
$cass1->waitUntilSucceeds("nodetool status | egrep -c '^UN' | grep 2");
$cass0->succeed("nodetool status | egrep -c '^UN' | grep 2");
};
subtest "replace crashed node", sub {
$cass1->crash;
$cass2->start;
$cass2->waitForUnit("cassandra.service");
$cass0->waitUntilFails("nodetool status | grep UN | grep 192.168.1.2");
$cass0->waitUntilSucceeds("nodetool status | grep UN | grep 192.168.1.3");
$cass0->waitUntilFails("nodetool status --resolve-ip | egrep '^UN[[:space:]]+cass1'");
$cass0->waitUntilSucceeds("nodetool status --resolve-ip | egrep '^UN[[:space:]]+cass2'");
};
'';
})

148
nixos/tests/certmgr.nix Normal file
View File

@ -0,0 +1,148 @@
{ system ? builtins.currentSystem }:
with import ../lib/testing.nix { inherit system; };
let
mkSpec = { host, service ? null, action }: {
inherit action;
authority = {
file = {
group = "nobody";
owner = "nobody";
path = "/tmp/${host}-ca.pem";
};
label = "www_ca";
profile = "three-month";
remote = "localhost:8888";
};
certificate = {
group = "nobody";
owner = "nobody";
path = "/tmp/${host}-cert.pem";
};
private_key = {
group = "nobody";
mode = "0600";
owner = "nobody";
path = "/tmp/${host}-key.pem";
};
request = {
CN = host;
hosts = [ host "www.${host}" ];
key = {
algo = "rsa";
size = 2048;
};
names = [
{
C = "US";
L = "San Francisco";
O = "Example, LLC";
ST = "CA";
}
];
};
inherit service;
};
mkCertmgrTest = { svcManager, specs, testScript }: makeTest {
name = "certmgr-" + svcManager;
nodes = {
machine = { config, lib, pkgs, ... }: {
networking.firewall.allowedTCPPorts = with config.services; [ cfssl.port certmgr.metricsPort ];
networking.extraHosts = "127.0.0.1 imp.example.org decl.example.org";
services.cfssl.enable = true;
systemd.services.cfssl.after = [ "cfssl-init.service" "networking.target" ];
systemd.services.cfssl-init = {
description = "Initialize the cfssl CA";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "cfssl";
Type = "oneshot";
WorkingDirectory = config.services.cfssl.dataDir;
};
script = ''
${pkgs.cfssl}/bin/cfssl genkey -initca ${pkgs.writeText "ca.json" (builtins.toJSON {
hosts = [ "ca.example.com" ];
key = {
algo = "rsa"; size = 4096; };
names = [
{
C = "US";
L = "San Francisco";
O = "Internet Widgets, LLC";
OU = "Certificate Authority";
ST = "California";
}
];
})} | ${pkgs.cfssl}/bin/cfssljson -bare ca
'';
};
services.nginx = {
enable = true;
virtualHosts = lib.mkMerge (map (host: {
${host} = {
sslCertificate = "/tmp/${host}-cert.pem";
sslCertificateKey = "/tmp/${host}-key.pem";
extraConfig = ''
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
'';
onlySSL = true;
serverName = host;
root = pkgs.writeTextDir "index.html" "It works!";
};
}) [ "imp.example.org" "decl.example.org" ]);
};
systemd.services.nginx.wantedBy = lib.mkForce [];
systemd.services.certmgr.after = [ "cfssl.service" ];
services.certmgr = {
enable = true;
inherit svcManager;
inherit specs;
};
};
};
inherit testScript;
};
in
{
systemd = mkCertmgrTest {
svcManager = "systemd";
specs = {
decl = mkSpec { host = "decl.example.org"; service = "nginx"; action ="restart"; };
imp = toString (pkgs.writeText "test.json" (builtins.toJSON (
mkSpec { host = "imp.example.org"; service = "nginx"; action = "restart"; }
)));
};
testScript = ''
$machine->waitForUnit('cfssl.service');
$machine->waitUntilSucceeds('ls /tmp/decl.example.org-ca.pem');
$machine->waitUntilSucceeds('ls /tmp/decl.example.org-key.pem');
$machine->waitUntilSucceeds('ls /tmp/decl.example.org-cert.pem');
$machine->waitUntilSucceeds('ls /tmp/imp.example.org-ca.pem');
$machine->waitUntilSucceeds('ls /tmp/imp.example.org-key.pem');
$machine->waitUntilSucceeds('ls /tmp/imp.example.org-cert.pem');
$machine->waitForUnit('nginx.service');
$machine->succeed('[ "1" -lt "$(journalctl -u nginx | grep "Starting Nginx" | wc -l)" ]');
$machine->succeed('curl --cacert /tmp/imp.example.org-ca.pem https://imp.example.org');
$machine->succeed('curl --cacert /tmp/decl.example.org-ca.pem https://decl.example.org');
'';
};
command = mkCertmgrTest {
svcManager = "command";
specs = {
test = mkSpec { host = "command.example.org"; action = "touch /tmp/command.executed"; };
};
testScript = ''
$machine->waitForUnit('cfssl.service');
$machine->waitUntilSucceeds('stat /tmp/command.executed');
'';
};
}

13
nixos/tests/hydra/default.nix
View File

@ -2,14 +2,11 @@ import ../make-test.nix ({ pkgs, ...} :
let
trivialJob = pkgs.writeTextDir "trivial.nix" ''
with import <nix/config.nix>;
{ trivial = builtins.derivation {
name = "trivial";
system = "x86_64-linux";
PATH = coreutils;
builder = shell;
args = ["-c" "touch $out; exit 0"];
builder = "/bin/sh";
args = ["-c" "echo success > $out; exit 0"];
};
}
'';
@ -27,7 +24,7 @@ let
in {
name = "hydra-init-localdb";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ pstn lewo ];
maintainers = [ pstn lewo ma27 ];
};
machine =
@ -50,6 +47,8 @@ in {
hostName = "localhost";
systems = [ "x86_64-linux" ];
}];
binaryCaches = [];
};
};
@ -74,5 +73,5 @@ in {
$machine->succeed("create-trivial-project.sh");
$machine->waitUntilSucceeds('curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq');
'';
'';
})

2
nixos/tests/installer.nix
View File

@ -467,7 +467,7 @@ in {
enableOCR = true;
preBootCommands = ''
$machine->start;
$machine->waitForText(qr/Enter passphrase/);
$machine->waitForText(qr/Passphrase for/);
$machine->sendChars("supersecret\n");
'';
};

2
nixos/tests/yabar.nix
View File

@ -1,4 +1,4 @@
import ./make-test.nix ({ pkgs, lib }:
import ./make-test.nix ({ pkgs, lib, ... }:
with lib;

4
pkgs/applications/altcoins/go-ethereum.nix
View File

@ -2,7 +2,7 @@
buildGoPackage rec {
name = "go-ethereum-${version}";
version = "1.8.11";
version = "1.8.13";
goPackagePath = "github.com/ethereum/go-ethereum";
# Fix for usb-related segmentation faults on darwin
@ -16,7 +16,7 @@ buildGoPackage rec {
owner = "ethereum";
repo = "go-ethereum";
rev = "v${version}";
sha256 = "1b4za0hszb95jnj97g4xkrgcl0bydllznm0wj6rpi6cwmdr0h8na";
sha256 = "123jkyb293z7ww3sa9ji5rw7xd229isi03k4ayyh5p7rr0dg8al0";
};
meta = with stdenv.lib; {

5
pkgs/applications/altcoins/namecoin.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, openssl, boost, libevent, autoreconfHook, db4, miniupnpc, eject, pkgconfig, qt4, protobuf, libqrencode
{ stdenv, fetchFromGitHub, openssl, boost, libevent, autoreconfHook, db4, miniupnpc, eject, pkgconfig, qt4, protobuf, libqrencode, hexdump
, withGui }:
with stdenv.lib;
@ -16,6 +16,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
autoreconfHook
pkgconfig
hexdump
];
buildInputs = [
@ -31,6 +32,8 @@ stdenv.mkDerivation rec {
libqrencode
];
enableParallelBuilding = true;
configureFlags = [
"--with-boost-libdir=${boost.out}/lib"
];

6
pkgs/applications/audio/MMA/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, makeWrapper, python, alsaUtils, timidity }:
{ stdenv, fetchurl, makeWrapper, python3, alsaUtils, timidity }:
stdenv.mkDerivation rec {
version = "16.06";
@ -9,7 +9,7 @@
sha256 = "1g4gvc0nr0qjc0fyqrnx037zpaasgymgmrm5s7cdxqnld9wqw8ww";
};
buildInputs = [ makeWrapper python alsaUtils timidity ];
buildInputs = [ makeWrapper python3 alsaUtils timidity ];
patchPhase = ''
sed -i 's@/usr/bin/aplaymidi@/${alsaUtils}/bin/aplaymidi@g' mma-splitrec
@ -18,7 +18,7 @@
sed -i 's@/usr/bin/arecord@/${alsaUtils}/bin/arecord@g' util/mma-splitrec.py
sed -i 's@/usr/bin/timidity@/${timidity}/bin/timidity@g' mma-splitrec
sed -i 's@/usr/bin/timidity@/${timidity}/bin/timidity@g' util/mma-splitrec.py
find . -type f | xargs sed -i 's@/usr/bin/env python@${python}/bin/python@g'
find . -type f | xargs sed -i 's@/usr/bin/env python@${python3.interpreter}@g'
'';
installPhase = ''

10
pkgs/applications/audio/ams-lv2/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, cairo, fftw, gtkmm2, lv2, lvtk, pkgconfig, python }:
{ stdenv, fetchFromGitHub, cairo, fftw, gtkmm2, lv2, lvtk, pkgconfig, python3 }:
stdenv.mkDerivation rec {
name = "ams-lv2-${version}";
@ -12,13 +12,13 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ cairo fftw gtkmm2 lv2 lvtk python ];
buildInputs = [ cairo fftw gtkmm2 lv2 lvtk ];
configurePhase = "python waf configure --prefix=$out";
configurePhase = "${python3.interpreter} waf configure --prefix=$out";
buildPhase = "python waf";
buildPhase = "${python3.interpreter} waf";
installPhase = "python waf install";
installPhase = "${python3.interpreter} waf install";
meta = with stdenv.lib; {
description = "An LV2 port of the internal modules found in Alsa Modular Synth";

4
pkgs/applications/audio/bitwig-studio/bitwig-studio2.nix
View File

@ -3,11 +3,11 @@
bitwig-studio1.overrideAttrs (oldAttrs: rec {
name = "bitwig-studio-${version}";
version = "2.3.2";
version = "2.3.5";
src = fetchurl {
url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb";
sha256 = "10ji4jqnnlhv4bgvhqwysprax6jcjk4759jskr9imwj6qjnj3vzn";
sha256 = "1v62z08hqla8fz5m7hl9ynf2hpr0j0arm0nb5lpd99qrv36ibrsc";
};
buildInputs = bitwig-studio1.buildInputs ++ [ ffmpeg ];

13
pkgs/applications/audio/cantata/default.nix
View File

@ -28,7 +28,7 @@ assert withOnlineServices -> withTaglib;
assert withReplaygain -> withTaglib;
let
version = "2.2.0";
version = "2.3.2";
pname = "cantata";
fstat = x: fn: "-DENABLE_" + fn + "=" + (if x then "ON" else "OFF");
fstats = x: map (fstat x);
@ -42,18 +42,9 @@ in stdenv.mkDerivation rec {
owner = "CDrummond";
repo = "cantata";
rev = "v${version}";
sha256 = "1b633chgfs8rya78bzzck5zijna15d1y4nmrz4dcjp862ks5y5q6";
sha256 = "11hjday5vj0wzkc8yb5wbs05jwa8mvgxswd5qvhpci0zkl975yzn";
};
patches = [
# patch is needed for 2.2.0 with qt 5.10 (doesn't harm earlier versions)
(fetchpatch {
url = "https://github.com/CDrummond/cantata/commit/4da7a9128f2c5eaf23ae2a5006d300dc4f21fc6a.patch";
sha256 = "1z21ax3542z7hm628xv110lmplaspb407jzgfk16xkphww5qyphj";
name = "fix_qt_510.patch";
})
];
buildInputs = [ vlc qtbase qtmultimedia qtsvg ]
++ stdenv.lib.optionals withTaglib [ taglib taglib_extras ]
++ stdenv.lib.optionals withReplaygain [ ffmpeg speex mpg123 ]

4
pkgs/applications/audio/mopidy/iris.nix
View File

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.23.0";
version = "3.23.2";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "1zhd82mzbzc9jx7xhglgq0giyy214ypq1rw5kmhp5zswv71hf2j0";
sha256 = "1zf4ck19z3nh1x9a847ay1qnkyvi6s6866kp6q6dh1xpn7i9rmx7";
};
propagatedBuildInputs = [

15
pkgs/applications/audio/paprefs/default.nix
View File

@ -1,21 +1,16 @@
{ fetchurl, stdenv, pkgconfig, pulseaudioFull, gtkmm2, libglademm
, dbus-glib, GConf, gconfmm, intltool }:
{ fetchurl, stdenv, meson, ninja, gettext, pkgconfig, pulseaudioFull, gtkmm3, dbus-glib, wrapGAppsHook }:
stdenv.mkDerivation rec {
name = "paprefs-0.9.10";
name = "paprefs-1.0";
src = fetchurl {
url = "https://freedesktop.org/software/pulseaudio/paprefs/${name}.tar.xz";
sha256 = "1c5b3sb881szavly220q31g7rvpn94wr7ywlk00hqb9zaikml716";
sha256 = "0y77i9gaaassvvjrpwb4xbgqcmr51zmj5rh4z8zm687i5izf84md";
};
buildInputs = [ pulseaudioFull gtkmm2 libglademm dbus-glib gconfmm ];
nativeBuildInputs = [ meson ninja gettext pkgconfig wrapGAppsHook ];
nativeBuildInputs = [ pkgconfig intltool ];
propagatedUserEnvPkgs = [ GConf ];
configureFlags = [ "--disable-lynx" ];
buildInputs = [ pulseaudioFull gtkmm3 dbus-glib ];
meta = with stdenv.lib; {
description = "PulseAudio Preferences";

1
pkgs/applications/audio/pianobar/default.nix
View File

@ -23,6 +23,5 @@ stdenv.mkDerivation rec {
homepage = http://6xq.net/projects/pianobar/;
platforms = platforms.linux;
license = licenses.mit; # expat version
maintainers = with maintainers; [ eduarrrd ];
};
}

4
pkgs/applications/audio/pulseeffects/default.nix
View File

@ -42,13 +42,13 @@ let
];
in stdenv.mkDerivation rec {
name = "pulseeffects-${version}";
version = "4.2.3";
version = "4.2.6";
src = fetchFromGitHub {
owner = "wwmm";
repo = "pulseeffects";
rev = "v${version}";
sha256 = "0s3lc0xkr48wzk0b6akq4yw19n0iwfi9jyji8bpdgj5y7kjg5mqm";
sha256 = "1b5h760bb1wgn4avirjjri5fcfqvnsr076qnhrdiqcic3vgircsm";
};
nativeBuildInputs = [

4
pkgs/applications/audio/qjackctl/default.nix
View File

@ -1,14 +1,14 @@
{ stdenv, fetchurl, pkgconfig, alsaLib, libjack2, dbus, qtbase, qttools, qtx11extras }:
stdenv.mkDerivation rec {
version = "0.5.2";
version = "0.5.3";
name = "qjackctl-${version}";
# some dependencies such as killall have to be installed additionally
src = fetchurl {
url = "mirror://sourceforge/qjackctl/${name}.tar.gz";
sha256 = "0nqr5f82lry3i4if8wdmrqsw84m45ijyj4psll30plxx5732zzaz";
sha256 = "0x08af8m5l8qy9av3dlldsg58ny9nc69h1s4i6hqkvj24jwy6fw1";
};
buildInputs = [

4
pkgs/applications/audio/qsampler/default.nix
View File

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
name = "qsampler-${version}";
version = "0.5.1";
version = "0.5.2";
src = fetchurl {
url = "mirror://sourceforge/qsampler/${name}.tar.gz";
sha256 = "18j4cwmn7waih9x5b66cba2aa85spqqp507bf19ahsb5gl358yhh";
sha256 = "0xb0j57k03pkdl7yl5mcv1i21ljnxcq6b9h3zp6mris916lj45zq";
};
nativeBuildInputs = [ autoconf automake libtool pkgconfig qttools ];

6
pkgs/applications/audio/qsynth/default.nix
View File

@ -2,15 +2,15 @@
stdenv.mkDerivation rec {
name = "qsynth-${version}";
version = "0.5.1";
version = "0.5.2";
src = fetchurl {
url = "mirror://sourceforge/qsynth/${name}.tar.gz";
sha256 = "0kpk1rnhbifbvm4xvw8i0d4ksk78pf505qvg08k89kqkg32494ap";
sha256 = "1rfkaxq1pyc4hv3l0i6wicianbcbm1wp53kh9i5d4jsljgisd1dv";
};
# cmake is looking for qsynth.desktop.in and fails if it doesn't find it
# seems like a bug and can presumable go in the next version after 0.5.1
# seems like a bug and can presumable go in the next version after 0.5.2
postPatch = ''
mv src/qsynth.desktop src/qsynth.desktop.in
'';

4
pkgs/applications/audio/setbfree/default.nix
View File

@ -4,11 +4,11 @@
stdenv.mkDerivation rec {
name = "setbfree-${version}";
version = "0.8.5";
version = "0.8.7";
src = fetchurl {
url = "https://github.com/pantherb/setBfree/archive/v${version}.tar.gz";
sha256 = "0qfccny0hh9lq54272mzmxvfz2jmzcgigjkjwn6v9h6n00gi5bw4";
sha256 = "07s320r67cz0cdjdsbcwn0fw3xs0wz7lgrybqpws2skvkbls228q";
};
patchPhase = ''

4
pkgs/applications/audio/x42-plugins/default.nix
View File

@ -3,12 +3,12 @@
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
stdenv.mkDerivation rec {
version = "20180320";
version = "20180803";
name = "x42-plugins-${version}";
src = fetchurl {
url = "https://gareus.org/misc/x42-plugins/${name}.tar.xz";
sha256 = "167ly9nxqq3g0j35i9jv9rvd8qp4i9ncfcjxmg972cp6q8ak8mdl";
sha256 = "1v7p6vnkcbzyvmcysabhmn603cndzx9mwzaw5dppy4wd687vhgis";
};
nativeBuildInputs = [ pkgconfig ];

1
pkgs/applications/display-managers/sddm/default.nix
View File

@ -62,5 +62,6 @@ in mkDerivation rec {
homepage = https://github.com/sddm/sddm;
maintainers = with maintainers; [ abbradar ttuegel ];
platforms = platforms.linux;
license = licenses.gpl2Plus;
};
}

1
pkgs/applications/display-managers/slim/default.nix
View File

@ -50,5 +50,6 @@ stdenv.mkDerivation rec {
meta = {
homepage = https://sourceforge.net/projects/slim.berlios/; # berlios shut down; I found no replacement yet
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.gpl2;
};
}

12
pkgs/applications/editors/android-studio/default.nix
View File

@ -8,9 +8,9 @@ let
inherit (gnome2) GConf gnome_vfs;
};
stableVersion = {
version = "3.1.3.0"; # "Android Studio 3.1.3"
build = "173.4819257";
sha256Hash = "196yaswbxh2nd83gimjxr8ggr5xkdxq7n3xlh6ax73v59pj4hryq";
version = "3.1.4.0"; # "Android Studio 3.1.4"
build = "173.4907809";
sha256Hash = "0xx6yprylmcb32ipmwdcfkgddlm1nrxi1w68miclvgrbk015brf2";
};
betaVersion = {
version = "3.2.0.22"; # "Android Studio 3.2 Beta 5"
@ -18,9 +18,9 @@ let
sha256Hash = "016nyn1pqviy089hg0dq7m4cqb39fdxdcy4zknkaq7dmgv1dj6x9";
};
latestVersion = { # canary & dev
version = "3.3.0.3"; # "Android Studio 3.3 Canary 4"
build = "182.4924367";
sha256Hash = "03fxjxlsbrpklsss1nvlkb41skr5ymmq9vdns8iikcm1ng925vfd";
version = "3.3.0.4"; # "Android Studio 3.3 Canary 5"
build = "182.4928781";
sha256Hash = "110gh5ylgf1p8z0rdnvc6clkq3v721v6pjvll66a8v4zgz9ay8b4";
};
in rec {
# Old alias

47
pkgs/applications/editors/emacs-modes/melpa-packages.nix
View File

@ -52,19 +52,9 @@ self:
# part of a larger package
caml = dontConfigure super.caml;
# part of a larger package
# upstream issue: missing package version
cmake-mode = markBroken (dontConfigure super.cmake-mode);
# Expects bash to be at /bin/bash
company-rtags = markBroken super.company-rtags;
# upstream issue: missing file header
connection = markBroken super.connection;
# upstream issue: missing file header
dictionary = markBroken super.dictionary;
easy-kill-extras = super.easy-kill-extras.override {
inherit (self.melpaPackages) easy-kill;
};
@ -79,6 +69,17 @@ self:
inherit (self.melpaPackages) ess ctable popup;
};
evil-magit = super.evil-magit.overrideAttrs (attrs: {
# searches for Git at build time
nativeBuildInputs =
(attrs.nativeBuildInputs or []) ++ [ external.git ];
});
# missing dependencies
evil-search-highlight-persist = super.evil-search-highlight-persist.overrideAttrs (attrs: {
packageRequires = with self; [ evil highlight ];
});
# missing OCaml
flycheck-ocaml = markBroken super.flycheck-ocaml;
@ -108,15 +109,17 @@ self:
# upstream issue: missing file header
initsplit = super.initsplit;
# tries to write a log file to $HOME
insert-shebang = super.insert-shebang.overrideAttrs (attrs: {
HOME = "/tmp";
});
# Expects bash to be at /bin/bash
ivy-rtags = markBroken super.ivy-rtags;
# upstream issue: missing file header
jsfmt = markBroken super.jsfmt;
# upstream issue: missing file header
link = markBroken super.link;
# upstream issue: missing file header
maxframe = markBroken super.maxframe;
@ -131,6 +134,18 @@ self:
(attrs.nativeBuildInputs or []) ++ [ external.git ];
});
magit-annex = super.magit-annex.overrideAttrs (attrs: {
# searches for Git at build time
nativeBuildInputs =
(attrs.nativeBuildInputs or []) ++ [ external.git ];
});
magit-gitflow = super.magit-gitflow.overrideAttrs (attrs: {
# searches for Git at build time
nativeBuildInputs =
(attrs.nativeBuildInputs or []) ++ [ external.git ];
});
# missing OCaml
merlin = markBroken super.merlin;
@ -154,8 +169,10 @@ self:
(attrs.nativeBuildInputs or []) ++ [ external.git ];
}));
# upstream issue: truncated file
powershell = markBroken super.powershell;
# tries to write to $HOME
php-auto-yasnippets = super.php-auto-yasnippets.overrideAttrs (attrs: {
HOME = "/tmp";
});
# upstream issue: mismatched filename
processing-snippets = markBroken super.processing-snippets;

28
pkgs/applications/editors/gobby/default.nix
View File

@ -1,26 +1,22 @@
{ avahiSupport ? false # build support for Avahi in libinfinity
, gnomeSupport ? false # build support for Gnome(gnome-vfs)
, stdenv, fetchurl, pkgconfig
, gtkmm2, gsasl, gtksourceview, libxmlxx, libinfinity, intltool
, gnome_vfs ? null}:
, stdenv, fetchurl, fetchFromGitHub, autoconf, automake, pkgconfig, wrapGAppsHook
, gtkmm3, gsasl, gtksourceview3, libxmlxx, libinfinity, intltool, itstool, gnome3 }:
let
libinf = libinfinity.override { gtkWidgets = true; inherit avahiSupport; };
in stdenv.mkDerivation rec {
name = "gobby-0.5.0";
src = fetchurl {
url = "http://releases.0x539.de/gobby/${name}.tar.gz";
sha256 = "165x0r668ma5blziisvbr8qig3jw9hf7i6w8r7wwvz3wsac3bswc";
name = "gobby-unstable-2018-04-03";
src = fetchFromGitHub {
owner = "gobby";
repo = "gobby";
rev = "ea4df27c9b6b885434797b0071ce198b23f9f63b";
sha256 = "0q7lq64yn16lxvj4jphs8y9194h0xppj8k7y9x8b276krraak2az";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ gtkmm2 gsasl gtksourceview libxmlxx libinf intltool ]
++ stdenv.lib.optional gnomeSupport gnome_vfs;
configureFlags = ''
'';
nativeBuildInputs = [ autoconf automake pkgconfig intltool itstool gnome3.yelp-tools wrapGAppsHook ];
buildInputs = [ gtkmm3 gsasl gtksourceview3 libxmlxx libinf ];
preConfigure = "./autogen.sh";
meta = with stdenv.lib; {
homepage = http://gobby.0x539.de/;

40
pkgs/applications/editors/jetbrains/default.nix
View File

@ -249,12 +249,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "08kjlmldnd6rnk8m12klfp9vbkbvcsgaknpi55r248nzglnbx9gz"; /* updated by script */
sha256 = "16fr5760nkzgx8785x6hh7s96x097y6vdx7w1f9ipg71vv25cscq"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion Release"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -262,12 +262,12 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "1byf46vni8s6qf3wlsnscxipgndl6ic48nizwiaqasnhhszqssxs"; /* updated by script */
sha256 = "1jfkxr790wr8ffn7ph694hfzahs2akjcfk4rfsvjv1dccqb0167k"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
update-channel = "DataGrip 2018.2";
@ -275,12 +275,12 @@ in
goland = buildGoland rec {
name = "goland-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "Up and Coming Go IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "0z7a06892c3hcq5zxvkfnyf0ablwq51710x1f12v6r297l4mfra0"; /* updated by script */
sha256 = "0k96v00cbxkgxs9xby5m4dxl4w2kkm2lii54z1hqjwqmc9kxa2ia"; /* updated by script */
};
wmClass = "jetbrains-goland";
update-channel = "GoLand Release";
@ -288,12 +288,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "0r5fsai77w74vhfs449yff56pi4vynl8w25amn23k6hddlqxph2s"; /* updated by script */
sha256 = "04dqyzkkrwvcdy1raard77v2315d44h29cpc9p98bjidvjd6bhsx"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA Release";
@ -301,12 +301,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jdk.tar.gz";
sha256 = "1xq97dcf7xcs8fsrjsqqrzxf2gnrll8bbqkzrpg85bqxap0hvb45"; /* updated by script */
sha256 = "0ydidg9pk8bqf5jb1z0fw2m88v6mi38b4ddgmh5c9d9p44g6mddv"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA Release";
@ -314,12 +314,12 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "Professional IDE for Web and PHP developers";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "15czwk15c1gnf7xrgm423xafsw55083dd6g15g69zs0l9psrss31"; /* updated by script */
sha256 = "042qhdkl4v5q4cdbqfbiwj6s3acivdb5kmbyn4jix8pg8r37yfnm"; /* updated by script */
};
wmClass = "jetbrains-phpstorm";
update-channel = "PhpStorm 2018.2";
@ -327,12 +327,12 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0a5dsr2piw0vgm9lvc2k18sdnvii55xdyi90z95hzg5syhsm1a94"; /* updated by script */
sha256 = "14vnwqk0x0anvzmdv2ddc3qc9g5fll2ql02mi12k425j30fl2z2q"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm Release";
@ -340,12 +340,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0azjrbxpwank09i7riflbkgrgm23f0q6hgisca6d14ldcbr933aj"; /* updated by script */
sha256 = "1h4f9l577w2ps0y79x79yhpbrsv3j5nwr1lr1890phmp6zri6wyf"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm Release";
@ -366,12 +366,12 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "0la83cqf3aknrc62ddpij0gg50rws5l2g4iasyrvfhn4wnmj6n4q"; /* updated by script */
sha256 = "1gwcadjgs4cw5i3h1xn92ng415vzr5cxyrpgckr1qy37d5f4bhqg"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
update-channel = "RubyMine 2018.2";
@ -379,12 +379,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2018.2"; /* updated by script */
version = "2018.2.1"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "024schngx26ik8cvmkijfzzmpkajckl2dbyz31ajnmixpn07pwi6"; /* updated by script */
sha256 = "1jbzkp13qn4n58kbcsszm2gfnywjma2yvn48g0vi14v7x6zihhxd"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm Release";

6
pkgs/applications/editors/kakoune/default.nix
View File

@ -4,12 +4,12 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "kakoune-unstable-${version}";
version = "2018-05-21";
version = "2018-08-05";
src = fetchFromGitHub {
repo = "kakoune";
owner = "mawww";
rev = "878d2a4bdb674a5e7703a66e530520f48efba641";
sha256 = "0pwy6ilsb62s1792gjyvhvq8shj60l8lx26b58zvpfb54an4s6rk";
rev = "ae75032936ed9ffa2bf14589fef115d3d684a7c6";
sha256 = "1qm6i8vzr4wjxxdvhr54pan0ysxq1sn880bz8p2w9y6qa91yd3m3";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ ncurses asciidoc docbook_xsl libxslt ];

1
pkgs/applications/editors/nedit/default.nix
View File

@ -28,5 +28,6 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
homepage = https://sourceforge.net/projects/nedit;
platforms = with platforms; linux ++ darwin;
license = licenses.gpl2;
};
}

4
pkgs/applications/editors/sigil/default.nix
View File

@ -6,10 +6,10 @@
stdenv.mkDerivation rec {
name = "sigil-${version}";
version = "0.9.9";
version = "0.9.10";
src = fetchFromGitHub {
sha256 = "01pvc7k54mx5c7h1qiw92d4j459psv7n9xg94qbinf8vmpvkrcbw";
sha256 = "11r7043kbqv67z1aqk929scsg6yllldpl8icl32dw3dai7f1c658";
rev = version;
repo = "Sigil";
owner = "Sigil-Ebook";

15
pkgs/applications/editors/vim/configurable.nix
View File

@ -6,6 +6,7 @@ args@{ source ? "default", callPackage, fetchurl, stdenv, ncurses, pkgconfig, ge
, libICE
, vimPlugins
, makeWrapper
, wrapGAppsHook
# apple frameworks
, CoreServices, CoreData, Cocoa, Foundation, libobjc, cf-private
@ -73,15 +74,6 @@ in stdenv.mkDerivation rec {
src = builtins.getAttr source {
"default" = common.src; # latest release
"vim-nox" =
{
# vim nox branch: client-server without X by uing sockets
# REGION AUTO UPDATE: { name="vim-nox"; type="hg"; url="https://code.google.com/r/yukihironakadaira-vim-cmdsrv-nox/"; branch="cmdsrv-nox"; }
src = (fetchurl { url = "http://mawercer.de/~nix/repos/vim-nox-hg-2082fc3.tar.bz2"; sha256 = "293164ca1df752b7f975fd3b44766f5a1db752de6c7385753f083499651bd13a"; });
name = "vim-nox-hg-2082fc3";
# END
}.src;
};
patches = [ ./cflags-prune.diff ] ++ stdenv.lib.optional ftNixSupport ./ft-nix-support.patch;
@ -131,6 +123,7 @@ in stdenv.mkDerivation rec {
++ stdenv.lib.optional wrapPythonDrv makeWrapper
++ stdenv.lib.optional nlsSupport gettext
++ stdenv.lib.optional perlSupport perl
++ stdenv.lib.optional (guiSupport == "gtk3") wrapGAppsHook
;
buildInputs = [ ncurses libX11 libXext libSM libXpm libXt libXaw libXau
@ -161,6 +154,10 @@ in stdenv.mkDerivation rec {
ln -sfn '${nixosRuntimepath}' "$out"/share/vim/vimrc
'' + stdenv.lib.optionalString wrapPythonDrv ''
wrapProgram "$out/bin/vim" --prefix PATH : "${python}/bin"
'' + stdenv.lib.optionalString (guiSupport == "gtk3") ''
rm "$out/bin/gvim"
echo -e '#!${stdenv.shell}\n"'"$out/bin/vim"'" -g "$@"' > "$out/bin/gvim"
chmod a+x "$out/bin/gvim"
'';
preInstall = ''

8
pkgs/applications/editors/vscode/default.nix
View File

@ -2,7 +2,7 @@
gtk2, makeWrapper, libXScrnSaver, libxkbfile, libsecret }:
let
version = "1.25.1";
version = "1.26.0";
channel = "stable";
plat = {
@ -12,9 +12,9 @@ let
}.${stdenv.system};
sha256 = {
"i686-linux" = "1qljnajk4h9ki5gvydh1b557fvhvcryvkrvypvz0pr804lpdqsmg";
"x86_64-linux" = "0f1lpwyxfchmbymzzxv97w9cy1z5pdljhwm49mc5v84aygmvnmjq";
"x86_64-darwin" = "1dgda1drij1c114xzv4hs44k7rx4x1vzghlxgii0h2rg641n6pbn";
"i686-linux" = "fd150bee8e1be4f5461013b8fee19f855200d046643e4ea5387aad170ad5f12b";
"x86_64-linux" = "618ca429e23777ef6b512c0cbd78bc711a7cf6f58752d9f805ced1dc62abb8f0";
"x86_64-darwin" = "07c2d678596e4e1f0bdf35b7d72a6d46851bf169d89f134fa73ff4f9007efbc3";
}.${stdenv.system};
archive_fmt = if stdenv.system == "x86_64-darwin" then "zip" else "tar.gz";

40
pkgs/applications/graphics/animbar/default.nix Normal file
View File

@ -0,0 +1,40 @@
{ stdenv, lib, fetchurl, cmake, qt4, file, gcc }:
stdenv.mkDerivation rec {
pname = "animbar";
version = "1.2";
name = "${pname}-${version}";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${name}.tar.bz2";
sha256 = "0836nwcpyfdrapyj3hbg3wh149ihc26pc78h01adpc7c0r7d9pr9";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ qt4 file ];
installPhase = ''
mkdir -p $out/bin $out/share/pixmaps
cp src/animbar $out/bin
cp ../icon/* $out/share/pixmaps
'';
meta = with lib; {
description = "Create your own animation on paper and transparancy";
longDescription = ''
Animbar lets you easily create your own animation on paper and
transparancy. From a set of input images two output images are
computed, that are printed one on paper and one on
transparency. By moving the transparency over the paper you
create a fascinating animation effect. This kind of animation
technique is hundreds of years old and known under several
names: picket fence animation, barrier grid animation, Moiré
animation, to name a few.
'';
homepage = http://animbar.mnim.org;
maintainers = with maintainers; [ leenaars ];
platforms = platforms.linux;
license = licenses.gpl3;
};
}

3
pkgs/applications/graphics/dosage/default.nix
View File

@ -1,4 +1,4 @@
{ pythonPackages, fetchFromGitHub }:
{ stdenv, pythonPackages, fetchFromGitHub }:
pythonPackages.buildPythonApplication rec {
pname = "dosage";
@ -23,5 +23,6 @@ pythonPackages.buildPythonApplication rec {
meta = {
description = "A comic strip downloader and archiver";
homepage = https://dosage.rocks/;
license = stdenv.lib.licenses.mit;
};
}

1
pkgs/applications/graphics/jbrout/default.nix
View File

@ -37,5 +37,6 @@ in pythonPackages.buildPythonApplication rec {
homepage = http://manatlan.com/jbrout/;
description = "Photo manager";
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.gpl2Plus;
};
}

23
pkgs/applications/graphics/meshlab/default.nix
View File

@ -1,10 +1,13 @@
{ stdenv, fetchFromGitHub, libGLU, qtbase, qtscript, qtxmlpatterns }:
{ fetchFromGitHub, libGLU, llvmPackages, qtbase, qtscript, qtxmlpatterns }:
let
meshlabRev = "5700f5474c8f90696a8925e2a209a0a8ab506662";
vcglibRev = "a8e87662b63ee9f4ded5d4699b28d74183040803";
meshlabRev = "d596d7c086c51fbdfb56050f9c30b55dd0286d4c";
vcglibRev = "6c3c940e34327322507c703889f9f1cfa73ab183";
# ^ this should be the latest commit in the vcglib devel branch at the time of the meshlab revision
stdenv = llvmPackages.stdenv; # only building with clang seems to be tested upstream
in stdenv.mkDerivation {
name = "meshlab-2016.12";
name = "meshlab-20180627-beta";
srcs =
[
@ -12,31 +15,32 @@ in stdenv.mkDerivation {
owner = "cnr-isti-vclab";
repo = "meshlab";
rev = meshlabRev;
sha256 = "0srrp7zhi86dsg4zsx1615gr26barz38zdl8s03zq6vm1dgzl3cc";
sha256 = "0xi7wiyy0yi545l5qvccbqahlcsf70mhx829gf7bq29640si4rax";
name = "meshlab-${meshlabRev}";
})
(fetchFromGitHub {
owner = "cnr-isti-vclab";
repo = "vcglib";
rev = vcglibRev;
sha256 = "0jh8jc8rn7rci8qr3q03q574fk2hsc3rllysck41j8xkr3rmxz2f";
sha256 = "0jfgjvf21y9ncmyr7caipy3ardhig7hh9z8miy885c99b925hhwd";
name = "vcglib-${vcglibRev}";
})
];
sourceRoot = "meshlab-${meshlabRev}";
patches = [ ./fix-2016.02.patch ];
hardeningDisable = [ "format" ];
enableParallelBuilding = true;
patches = [ ./fix-20180627-beta.patch ];
buildPhase = ''
# MeshLab has ../vcglib hardcoded everywhere, so move the source dir
mv ../vcglib-${vcglibRev} ../vcglib
cd src
export NIX_LDFLAGS="-rpath $out/opt/meshlab $NIX_LDFLAGS"
export QMAKESPEC="linux-clang"
pushd external
qmake -recursive external.pro
@ -53,7 +57,7 @@ in stdenv.mkDerivation {
ln -s $out/opt/meshlab/meshlabserver $out/bin/meshlabserver
'';
buildInputs = [ libGLU qtbase qtscript qtxmlpatterns ];
buildInputs = [ libGLU llvmPackages.openmp qtbase qtscript qtxmlpatterns ];
meta = {
description = "A system for processing and editing 3D triangular meshes.";
@ -61,6 +65,5 @@ in stdenv.mkDerivation {
license = stdenv.lib.licenses.gpl3;
maintainers = with stdenv.lib.maintainers; [viric];
platforms = with stdenv.lib.platforms; linux;
broken = true; # 2018-04-11
};
}

88
pkgs/applications/graphics/meshlab/fix-2016.02.patch
View File

@ -1,88 +0,0 @@
From 0fd17cd2b6d57e8a2a981a70115c2565ee076d0f Mon Sep 17 00:00:00 2001
From: Marco Callieri <callieri@isti.cnr.it>
Date: Mon, 9 Jan 2017 16:06:14 +0100
Subject: [PATCH 1/3] resolved ambiguity for abs overloads
diff --git a/src/meshlabplugins/edit_quality/eqhandle.cpp b/src/meshlabplugins/edit_quality/eqhandle.cpp
index 364d53bf..ef3d4a2d 100644
--- a/src/meshlabplugins/edit_quality/eqhandle.cpp
+++ b/src/meshlabplugins/edit_quality/eqhandle.cpp
@@ -83,7 +83,7 @@ void EqHandle::mouseMoveEvent(QGraphicsSceneMouseEvent *event)
setCursor(Qt::OpenHandCursor);
QPointF newPos = event->scenePos();
- qreal handleOffset = abs(newPos.x()-pos().x());
+ qreal handleOffset = std::fabs(newPos.x()-pos().x());
if (handleOffset >= std::numeric_limits<float>::epsilon())
{
--
2.15.0
From 33cfd5801e59b6c9e34360c75112e6dcb88d807b Mon Sep 17 00:00:00 2001
From: Marco Callieri <callieri@isti.cnr.it>
Date: Tue, 10 Jan 2017 10:05:05 +0100
Subject: [PATCH 2/3] again, fabs ambiguity
diff --git a/src/meshlabplugins/edit_quality/eqhandle.cpp b/src/meshlabplugins/edit_quality/eqhandle.cpp
index ef3d4a2d..d29f8c45 100644
--- a/src/meshlabplugins/edit_quality/eqhandle.cpp
+++ b/src/meshlabplugins/edit_quality/eqhandle.cpp
@@ -30,6 +30,7 @@ FIRST RELEASE
#include "eqhandle.h"
#include <QMouseEvent>
#include <QGraphicsSceneMouseEvent>
+#include <math.h>
EqHandle::EqHandle(CHART_INFO *environment_info, QColor color, QPointF position,
EQUALIZER_HANDLE_TYPE type, EqHandle** handles, qreal* midHandlePercentilePosition, QDoubleSpinBox* spinbox,
@@ -83,7 +84,7 @@ void EqHandle::mouseMoveEvent(QGraphicsSceneMouseEvent *event)
setCursor(Qt::OpenHandCursor);
QPointF newPos = event->scenePos();
- qreal handleOffset = std::fabs(newPos.x()-pos().x());
+ qreal handleOffset = fabs(newPos.x()-pos().x());
if (handleOffset >= std::numeric_limits<float>::epsilon())
{
--
2.15.0
From d717e44f4134ebee03322a6a2a56fce626084a3c Mon Sep 17 00:00:00 2001
From: Patrick Chilton <chpatrick@gmail.com>
Date: Mon, 4 Dec 2017 21:27:23 +0100
Subject: [PATCH 3/3] io_TXT -> io_txt
diff --git a/src/meshlab_full.pro b/src/meshlab_full.pro
index 6ea7f1db..2a95c127 100644
--- a/src/meshlab_full.pro
+++ b/src/meshlab_full.pro
@@ -16,7 +16,7 @@ SUBDIRS = common \
meshlabplugins/io_x3d \
meshlabplugins/io_expe \
meshlabplugins/io_pdb \
- plugins_experimental/io_TXT \
+ plugins_experimental/io_txt \
# Filter plugins
meshlabplugins/filter_aging \
meshlabplugins/filter_ao \
diff --git a/src/plugins_experimental/io_TXT/io_txt.cpp b/src/plugins_experimental/io_txt/io_txt.cpp
similarity index 100%
rename from src/plugins_experimental/io_TXT/io_txt.cpp
rename to src/plugins_experimental/io_txt/io_txt.cpp
diff --git a/src/plugins_experimental/io_TXT/io_txt.h b/src/plugins_experimental/io_txt/io_txt.h
similarity index 100%
rename from src/plugins_experimental/io_TXT/io_txt.h
rename to src/plugins_experimental/io_txt/io_txt.h
diff --git a/src/plugins_experimental/io_TXT/io_txt.pro b/src/plugins_experimental/io_txt/io_txt.pro
similarity index 100%
rename from src/plugins_experimental/io_TXT/io_txt.pro
rename to src/plugins_experimental/io_txt/io_txt.pro
--
2.15.0

25
pkgs/applications/graphics/meshlab/fix-20180627-beta.patch Normal file
View File

@ -0,0 +1,25 @@
diff --git a/src/meshlabplugins/edit_paint/paintbox.cpp b/src/meshlabplugins/edit_paint/paintbox.cpp
index 2097a5b..6bcd1a4 100644
--- a/src/meshlabplugins/edit_paint/paintbox.cpp
+++ b/src/meshlabplugins/edit_paint/paintbox.cpp
@@ -23,6 +23,7 @@
#include "paintbox.h"
#include <QFileDialog>
+#include <QAction>
Paintbox::Paintbox(QWidget * parent, Qt::WindowFlags flags) : QWidget(parent, flags)
{
diff --git a/src/meshlabplugins/render_gdp/shaderDialog.h b/src/meshlabplugins/render_gdp/shaderDialog.h
index a62d3b5..7eb1594 100644
--- a/src/meshlabplugins/render_gdp/shaderDialog.h
+++ b/src/meshlabplugins/render_gdp/shaderDialog.h
@@ -32,6 +32,8 @@
#include "shaderStructs.h"
#include "ui_shaderDialog.h"
#include <QMap>
+#include <QSlider>
+#include <QLineEdit>
class QGLWidget;

1
pkgs/applications/graphics/photoqt/default.nix
View File

@ -31,6 +31,5 @@ stdenv.mkDerivation rec {
description = "Simple, yet powerful and good looking image viewer";
license = stdenv.lib.licenses.gpl2Plus;
platforms = stdenv.lib.platforms.unix;
maintainers = [ stdenv.lib.maintainers.eduarrrd ];
};
}

8
pkgs/applications/graphics/processing3/default.nix
View File

@ -1,14 +1,14 @@
{ stdenv, fetchFromGitHub, fetchurl, xmlstarlet, makeWrapper, ant, jdk, rsync, javaPackages, libXxf86vm, gsettings-desktop-schemas }:
stdenv.mkDerivation rec {
version = "3.3.7";
version = "3.4";
name = "processing3-${version}";
src = fetchFromGitHub {
owner = "processing";
repo = "processing";
rev = "processing-0264-3.3.7";
sha256 = "0a20z19lmc4xarfnr7xshcmlv3xkc2dgjxknis0iv79gxnwlqhpq";
rev = "processing-0265-${version}";
sha256 = "12wpxgn2wd5vbasx9584w5yb1s319smq1zh8m7dvp7gkqw9plwp4";
};
nativeBuildInputs = [ ant rsync makeWrapper ];
@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
${xmlstarlet}/bin/xmlstarlet ed --inplace -P -d '//get[@src="http://download.processing.org/reference.zip"]' build/build.xml
install -D -m0444 ${fetchurl {
url = http://download.processing.org/reference.zip;
sha256 = "104zig026y8vbl4qksmscjq0bms8mi2jmri1ijdlbkxcqnv9bnlf";
sha256 = "0dli1bdgw8hsx7g7b048ap81v2za9maa6pfcwdqm3qkfypr8q7pr";
}
} ./java/reference.zip

4
pkgs/applications/misc/calibre/default.nix
View File

@ -5,12 +5,12 @@
}:
stdenv.mkDerivation rec {
version = "3.28.0";
version = "3.29.0";
name = "calibre-${version}";
src = fetchurl {
url = "https://download.calibre-ebook.com/${version}/${name}.tar.xz";
sha256 = "0b3vv03c6m6972sk8zj3zc5sq6b9837irnfgjlqhv9z5i75m0414";
sha256 = "1r29vi8j51r0nnzpjbg34ryvizzkn31sq1iz7z748wjfgr87wmyh";
};
patches = [

1
pkgs/applications/misc/cointop/default.nix
View File

@ -26,5 +26,6 @@ buildGoPackage rec {
homepage = https://cointop.sh;
platforms = stdenv.lib.platforms.linux; # cannot test others
maintainers = [ ];
license = stdenv.lib.licenses.asl20;
};
}

4
pkgs/applications/misc/dbeaver/default.nix
View File

@ -7,7 +7,7 @@
stdenv.mkDerivation rec {
name = "dbeaver-ce-${version}";
version = "5.1.4";
version = "5.1.5";
desktopItem = makeDesktopItem {
name = "dbeaver";
@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://dbeaver.io/files/${version}/dbeaver-ce-${version}-linux.gtk.x86_64.tar.gz";
sha256 = "14i7b3l89rkhqq4zgsdbvcs9pp60djv0rjbm86fpk2wi4zkrlzi5";
sha256 = "17ai2gxnz1wj5m282sib9qhvy3665km2ig1ixxdklmk8apgdl1xr";
};
installPhase = ''

1
pkgs/applications/misc/dfilemanager/default.nix
View File

@ -20,6 +20,5 @@ stdenv.mkDerivation {
description = "File manager written in Qt/C++";
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.unix;
maintainers = [ stdenv.lib.maintainers.eduarrrd ];
};
}

1
pkgs/applications/misc/fetchmail/default.nix
View File

@ -29,5 +29,6 @@ stdenv.mkDerivation {
platforms = stdenv.lib.platforms.unix;
maintainers = [ stdenv.lib.maintainers.peti ];
license = stdenv.lib.licenses.gpl2Plus;
};
}

6
pkgs/applications/misc/gutenberg/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
name = "gutenberg-${version}";
version = "0.4.0";
version = "0.4.1";
src = fetchFromGitHub {
owner = "Keats";
repo = "gutenberg";
rev = "v${version}";
sha256 = "1i2jcyq6afswxyjifhl5irv84licsad7c83yiy17454mplvrmyg2";
sha256 = "0is7156aim2ad8xg2f5068crc4gfvm89x8gxa25vc25p0yr1bpla";
};
cargoSha256 = "0hzxwvb5m8mvpfxys4ikkaag6khflh5bfglmay11wf6ayighv834";
cargoSha256 = "146vlr85n9d06am5ki76fh1vb5r8a4lzx5b7dmgi292kc3dsn41z";
nativeBuildInputs = [ cmake pkgconfig openssl ];
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ CoreServices cf-private ];

27
pkgs/applications/misc/img2pdf/default.nix Normal file
View File

@ -0,0 +1,27 @@
{ stdenv, python3Packages }:
with python3Packages;
buildPythonApplication rec {
pname = "img2pdf";
version = "0.3.1";
src = fetchPypi {
inherit pname version;
sha256 = "071s3gf28nb8ifxkix7dzjny6vib7791mnp0v3f4zagcjcic22a4";
};
doCheck = false; # needs pdfrw
propagatedBuildInputs = [
pillow
];
meta = with stdenv.lib; {
description = "Convert images to PDF via direct JPEG inclusion";
homepage = https://gitlab.mister-muffin.de/josch/img2pdf;
license = licenses.lgpl2;
platforms = platforms.unix;
maintainers = [ maintainers.veprbl ];
};
}

4
pkgs/applications/misc/josm/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "josm-${version}";
version = "14026";
version = "14066";
src = fetchurl {
url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
sha256 = "1ysi23j2yj5b6cn3xdsrl4xp56klpw4xa7c4gv90z2dllx06mqli";
sha256 = "06mhaz5vr19ydqc5irhgcbl0s8fifwvaq60iz2nsnlxb1pw89xia";
};
buildInputs = [ jre10 makeWrapper ];

8
pkgs/applications/misc/keepass-plugins/keeagent/default.nix
View File

@ -1,19 +1,19 @@
{ stdenv, buildEnv, fetchzip, mono }:
let
version = "0.8.1";
version = "0.10.1";
drv = stdenv.mkDerivation {
name = "keeagent-${version}";
src = fetchzip {
url = http://lechnology.com/wp-content/uploads/2016/07/KeeAgent_v0.8.1.zip;
sha256 = "16x1qrnzg0xkvi7w29wj3z0ldmql2vcbwxksbsmnidzmygwg98hk";
url = "https://lechnology.com/wp-content/uploads/2018/04/KeeAgent_v0.10.1.zip";
sha256 = "0j7az6l9wcr8z66mfplkxwydd4bgz2p2vd69xncf0nxlfb0lshh7";
stripRoot = false;
};
meta = {
description = "KeePass plugin to allow other programs to access SSH keys stored in a KeePass database for authentication";
homepage = http://lechnology.com/software/keeagent;
homepage = "http://lechnology.com/software/keeagent";
platforms = with stdenv.lib.platforms; linux;
license = stdenv.lib.licenses.gpl2;
maintainers = [ ];

Some files were not shown because too many files have changed in this diff Show More